> See vanitygen. Yes, 8 characters can be brute forced.
> 

Thank you for this reference.  Interesting to see that there is a tool to generate a vanity bitcoin address.

I am still researching viruses that are designed to manipulate a bitcoin address.  I suspect they are primitive in that they use a hardcoded rogue bitcoin address as opposed to dynamically generating one.

As a start, this would help protect against malware that uses a static rogue bitcoin address.  The next thing would be for the malware to brute-force the legitimate bitcoin address and generate a rogue bitcoin address that would produce the same 8 digit code.  Curious to know how long this brute force would take?  Or perhaps, before converting to 8 digits there is some other hashing function that is performed.

Brian Erdelyi