mrsimicsakmrsimicsak Member Posts: 2
What if somebody created a Ethereum mining botnet using the DAC concepts built into Ethereum?

What I am imagining looks something likes this:
X creates a 4 part virus for mining Ethereum.
Part 1 is the infection/replication code for one infection method. Each method is tied to a different address that it mines into.
Part 2 is the Ethereum client.
Part 3 is the mining code.
Part 4 is the intelligence. It monitors and maintains the botnet running independently of an human control.

Part 4 is setup first, seeded with some infection methods and enough Ethereum to keep it running until it is self sustaining.

Several Part 1s are then released into the wild and they infect machines. The first thing they do is install Part 2 and communicate with Part 4 asking for a set amount of the top most productive Part 1s which they then use to infect other machines. At the same time Part 3 is installed and starts mining into the address associated with the Part 1 that infected the machine implicitly communicating to Part 4 that this infection method works and that continued use will be beneficial.

The botnet grows and pretty soon fixes are found for the exploits being used. Various Part 1s are "retired" by Part 4 as they become less productive.

X creates some more exploits and uploads them to Part 4 which in turn distributes them always making sure that it has multiple good infection methods in use.

The botnet grows some more and is now a serious problem and the Anti-Botnet Police decided to shut it down. They create several very good exploits and upload them to Part 4 (why not it will accept code from anybody, bad infections will soon be retired) pretty soon the entire botnet is only running Anti-Botnet Police exploits. They release the patches for the exploits and pretty soon and the infected machines are cleaned up and now there are no more infection sources, so while Part 4 is still running it has been rendered harmless.

This version has a happy ending but what about if the Anti-Botnet Police decided that everybody running Ethereum is a criminal and outlaws it? Or arrests them?

Of course all X has to do to restart it is upload some new infection methods and release them and the whole thing starts all over again (assuming he wasn't caught when the botnet was taken down). At some point the Anti-Botnet Police might get irritated and decide to recourse to the above.

It is even possible that somebody crazy enough would create a botnet like this and set it up so that the excess mining proceeds would be distributed to the Ethereum users to "truly decentralize mining and prevent 51% attacks".

Is this even feasible? Is there a way for Ethereum code to pay for itself with out exposing a private key? (Which would allow the wallet funding the code to be drained stopping the code)

Please forgive the way I wrote this up but a story was the best way I could think of to communicate what I was thinking.


  • mlacortemlacorte Los AngelesMember Posts: 27 ✭✭
    edited February 2014
    Culpability is an interesting subject with regards to these uncensorable distributed networks. I'm not sure how the law is going to come down on these types of cases. Another similar example was the instance of child porn being encoded into the Bitcoin blockchain[1]. It depends on whether or not these tools are considered a distribution platform, and as far as I'm aware, the issue has never been taken to court. I assume that governments would want some way to regulate these systems, but in their current form, that just isn't possible.

    On a separate note, the botnet operator would simply need to make a contract that only updates itself if sent a signed message. That way the Anti-Botnet Police wouldn't be able to upload fixes to the address the infected clients are listening on.

Sign In or Register to comment.