U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

DDoSCoin, the cryptocurrency that pays the participation in DDoS attacks

Two researchers have devised a cryptocurrency scheme dubbed DDoSCoin that pays everytime a user participates in a DDoS attack against certain servers. The assistant professor at the University of Colorado Eric Wustrow and the phD student at the University of Michigan Benjamin VanderSloot have conducted a curious proof-of-concept project aimed at the creation of a cryptocurrency that […]

DDoSCoin, the cryptocurrency that pays the participation in DDoS attacks

Two researchers have devised a cryptocurrency scheme dubbed DDoSCoin that pays everytime a user participates in a DDoS attack against certain servers.

The assistant professor at the University of Colorado Eric Wustrow and the phD student at the University of Michigan Benjamin VanderSloot have conducted a curious proof-of-concept project aimed at the creation of a cryptocurrency that pays when users participate in DDoS attacks.

Yes, it is not a joke, DDoSCoin is the name of the cryptocurrency that pays users that take part to DDoS attacks against TLS web servers.

Every time a TLS connection is confirmed, it is created a signature used to recognize the attacker’s activity.

The duo published a paper titled DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work that details their efforts.

The DDoSCoin is equivalent to other cryptocurrencies like Bitcoin, with substantial difference that the mining process requests the participation in DDoS attacks.

DDoSCoin mining

“In this paper, we present DDoSCoin, which is a cryptocurrency with a malicious proof-of-work. DDoSCoin allows miners to prove that they have contributed to a distributed denial of service attack against specific target servers.” explained the researchers in the paper. “This proof involves making a large number of TLS connections to a target server, and using cryptographic responses to prove that a large number of connections has been made. Like proof-of-work puzzles, these proofs are inexpensive to verify, and can be made arbitrarily difficult to solve.”

DDoSCoin represents a novelty in the hacking landscape, it leverages on the ability of proving the use of bandwidth to a (potentially unwilling) target domain.

“Proof-of-DDoS can be used to replace proof-of-work in a cryptocurrency setting, provided that there is consensus around what victims are valid targets.”

In order to specify a target for mining activity, the virtual currency scheme introduces the payment opcode PAY_TO_DDOS.

The PAY_TO_DDOS opcode takes two parameters in an output script: a string representing the server to attack, and a target difficulty corresponding to the amount of connections the payer wishes to be made.

“In order to allow victims to be (temporarily) selected for DoS, DDoSCoin allows “bounties” for targeting specific servers. To accomplish this, DDoSCoin introduces a new payment opcode, PAY_TO_DDOS, that can be used in transactions subject to certain constraints” states the paper.
We all known that DDoS booters are considered precious commodities in the criminal underground, currencies like DDoSCoin can be abused for bad purposes.

I suggest you to read the paper … it is very interesting.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – DDoSCoin, virtual currency)