Taking over the Torpig botnet

General discussion about anything you like. Except Religion, US Politics and Midget discrimination.
User avatar
stan_qaz
Omniscient Kiwi
Location: Gilbert, Arizona
Posts: 8671
Joined: Fri Jul 25, 2008 5:13 am

Taking over the Torpig botnet

Mon May 04, 2009 7:39 pm

Found this report on botnet research, the web page is a quick overview, the PDF report has a lot more information.

http://www.cs.ucsb.edu/~seclab/projects ... index.html
Botnets, networks of malware-infected machines that are controlled by an adversary, are the root cause of a large number of security threats on the Internet. A particularly sophisticated and insidious type of bot is Torpig, a malware program that is designed to harvest sensitive information (such as bank account and credit card data) from its victims.

At the beginning of 2009, we took control of the Torpig botnet for ten days. Over this period, we observed more than 180 thousand infections and recorded more than 70 GB of data that the bots collected.
Related Story:

http://www.rsa.com/blog/blog_entry.aspx?id=1378
So, why is Sinowal one of the most serious threats to anyone with an Internet connection? Simply put, Sinowal infects victims’ computers without even an inkling of a trace. The criminals behind Sinowal have not only created highly-advanced and malicious crimeware, but have also maintained one of the most hidden and reliable communication infrastructures. This infrastructure has been designed to keep Sinowal collecting and transmitting information for almost three years. In addition, the stolen data has been methodically organized within a well-organized repository. Almost three years is a very, very long time for just one online gang to maintain the lifecycle and operations in order to effectively utilize just one Trojan.

Only rarely do we come across crimeware that has been continually stealing and collecting personal information and payment card data, and compromising bank accounts as far back as 2006. And in addition to its longevity, Sinowal has also been evolving at a dramatic pace – its rate of attacks spiked upwards from March through September of this year.

The creators of the Sinowal Trojan periodically release new variants and register thousands of Internet domains for its communication resources. The purpose of this is to maintain the Trojan’s uninterrupted grip on infected computers.
I am not a Firetrust employee just a MW user.
--
First rule of computer consulting: Sell a customer a Linux computer and you'll eat for a day,
sell a customer a Windows computer and you'll eat for a lifetime.
Ikeb
Microsoft MVP with a slice of PITA
Contact:
Location: Ottawa, Ontario, Canada
Posts: 455
Joined: Thu Jul 24, 2008 3:56 pm

Re: Taking over the Torpig botnet

Tue May 05, 2009 5:23 pm

Scary!

Return to “Chit Chat”