Boffins observe Torpig botnet

Professors discuss the behaviour of your less-than-average security threat by controlling the Torpig botnet.


Security researchers at a US university have spent 10 days in control of the notorious Torpig botnet to observe its behaviour.

The boffins from the University of California's Department of Computer Science Security Group have now published a document that shines a light onto the practices and capabilities of Torpig. 'Your Botnet is My Botnet: Analysis of a Botnet Takeover' makes for frightening reading.

"For our work, we seized control of the Torpig (a.k.a. Sinowal, Anserin) botnet for ten days. Torpig, which has been described in as 'one of the most advanced pieces of crimeware ever created,' is a type of malware that is typically associated with bank account and credit card theft," they explain in the introduction.

During their study, the researchers - Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Chris Kruegel and Giovanni Vigna - found that the botnet harvested some 70GB of data from 180,000 infected machines.

The numbers may seem lower than expected, but during the period of their control the researchers were able to dig much deeper into the botnet than others have, drilling down further from the usual IP address numbers to actual individual accounts and machines. "Torpig obtained the credentials of 8,310 accounts at 410 different institutions. The top targeted institutions were PayPal (1,770 accounts), Poste Italiane (765), Capital One (314), [and] E*Trade (304)," claimed the report.


Torpig is something of an end-user nightmare. It is almost undetectable by all the major browsers and uses phishing attacks to spoof a login page. "The injected content carefully reproduces the style and look-and-feel of the target web site. Furthermore, the injection mechanism defies all phishing indicators included in modern browsers," the researchers explain in the report.

By doing just this, Torpig managed to take at least one credit card number from 86 per cent of its victims, and in some cases many more. From one hacked machine, later identified as belonging to a call centre worker, the botnet took some 30 different credit card numbers, proving that neither individual nor organisation is out of its reach. The researchers estimate that in an average 10 days of activity "the Torpig controllers may have profited anywhere between $83k and $8.3M."

Other insights in the report include the fact that the majority of internet users do not help themselves when it comes to security thanks to their use of easily cracked passwords. In fact, about 40 per cent of logins were cracked in just over an hour thanks to the use of common hacking tools.
