Patched ‘Venom’ Bug Said to Be ‘Perfect’ for Stealing Bitcoin

Published at: May 14, 2015

The newly patched “Venom” vulnerability in virtualization software is “perfect” for any organization targeting bitcoin wallets, private keys and forum passwords, according to Robert Graham, chief executive officer of security firm Errata.

Researchers first discovered the bug through the security firm CrowdStrike, which described Venom as a security vulnerability in the virtual floppy drive code used by computer virtualization platforms. They said:

“This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host.”

“Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.”

CrowdStrike went on to say that the Venom vulnerability could expose access to corporate intellectual property (IP), as well as personal information, potentially impacting the “thousands of organizations and millions of end users that rely on affected VMs for the allocation of shared computing resources, as well as connectivity, storage, security, and privacy”.

Graham said the now-patched bug was a menace, as attackers would find it easy to exploit, often to lucrative effect. He said it would be a “perfect” bug for an organization such as the National Security Agency (NSA):

“This is a hypervisor privilege escalation bug. To exploit this, you'd sign up with one of the zillions of VPS [virtual private server] providers and get a Linux instance. You'd then, likely, replace the floppy driver in the Linux kernel with a custom driver that exploits this bug. You have root access to your own kernel, of course, which you are going to escalate to root access of the hypervisor.

“Once you gained control of the host, you'd then of course gain access to any of the other instances. This would be a perfect bug for the NSA. Bitcoin wallets, RSA private keys, forum passwords, and the like are easily found searching raw memory. Once you've popped the host, reading memory of other hosted virtual machines is undetectable.”

Graham said it was possible the NSA could buy multiple US$10 VPS instances around the world for US$100K before running the search.

“All sorts of great information would fall out of such an effort -- you'd probably make your money back from discovered Bitcoin alone,” he said.

“I'm not sure how data centers are going to fix this, since they have to reboot the host systems to patch. Customers hate reboots -- many would rather suffer the danger rather than have their instance reboot. Some data centers may be able to pause or migrate instances, which will make some customers happier.”
