Malware turns cool cloud idea into money-sucking parasite for consumers

MetaQuotes distributed agents to create cloud-based processing; malware redirected the profits

Here's a cool idea that went bad in a hurry:

Build a cloud computing service based on hardware belonging to other people, but sell it just like any other commercial cloud service.

Use the same highly distributed approach SETI did in the '90s and try not to notice the similarity between a legitimate cloud service based on borrowed CPU cycles from privately owned machines, and malware-driven botnets that do the same thing except that they deliver DDOS rather than financial results.

The good and evil in that model changed places a bit, according to Kaspersky Labs, which yesterday identified both the malware and the plan malware writers used to exploit a cool new idea in cloud computing for their own benefit.

Finding aliens one PC at a time:

Back in the day, the SETI Institute (Search for Terrestrial Intelligence) needed a lot of processing power to analyze data from radio telescopes to try to find regular patterns that might indicate they were created by aliens, not space gas.

SETI had found no aliens, so it didn't get much of a budget to look for aliens.

So it created SETI@home, an agent it could distribute to millions of individual PC owners who, being civic minded, interested in aliens, and willing to load any free screensaver that looked cool and wasn't a virus, would load the SETI agent and set it as their screensaver.

Every time the screensaver came on, the agent took over the CPU and memory of the PC to process little calculation jobs SETI had downloaded for it earlier.

Once it finished the job, it sent the results back to SETI, which tut-tutted because here was another answer to the alien question, and the answer was always 'No.'

Morphing the SETI into clouds and then into malware

Less than a month ago a financial-services developer called MetaQuotes needed horsepower for the cloud-based version of its analysis software.

It offered to pay PC owners to run a little agent on their machines that would make their computers part of a giant parallel-processing network, just like SETI's.

All that micro-parallel-processing power went into a cloud service called the MQL5 Cloud Network, which functions just like any other cloud service except that a lot of its spillover capacity comes from tiny PCs owned by individuals rather than giant virtualized servers owned by co-hosters and carriers.

Except, malware writers got just as interested as consumers.

Some, at least, attached their own malware to it and began sending out email with malware able to identify if the machine it was attacking was 32- or 64-bit, install itself, and download the right version of the MetaQuotes client to the unknowing consumer's PC.

Then it signs up the PC for a job with the MetaQuotes cloud, processes jobs like any other legitimate node, and puts in for payment to someone other than the owner of the PC.

Kaspersky Labs identified the malware and the conspiracy.

It all depends on a trojan called Trojan-Downloader.Win32.MQL5Miner.a, which stays invisible to the consumer and doesn't interrupt the client software's relation with the cloud except to change the name on the checks.

Kaspersky let MetaQuotes know their cloud servers were being hijacked. Presumably it will fix the problem, or blame the aliens. Either works for me as long as the evidence is strong enough.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies