
Boffins observe Torpig botnet

Academic researchers took control of the Torpig botnet for ten days to observe how an unusually sophisticated piece of crimeware actually operates.


Security researchers at a US university have spent 10 days in control of the notorious Torpig botnet to observe its behaviour.

The boffins from the University of California, Santa Barbara's Computer Security Group have now published a paper that shines a light on the practices and capabilities of Torpig. 'Your Botnet is My Botnet: Analysis of a Botnet Takeover' makes for frightening reading. "For our work, we seized control of the Torpig (a.k.a. Sinowal, Anserin) botnet for ten days. Torpig, which has been described as 'one of the most advanced pieces of crimeware ever created,' is a type of malware that is typically associated with bank account and credit card theft," they explain in the introduction.

During their study, the researchers - Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Chris Kruegel and Giovanni Vigna - found that the botnet harvested some 70GB of data from 180,000 infected machines.

The numbers may seem lower than expected, but that is because the researchers counted infected machines by the unique identifier each bot sends to the command-and-control server rather than by IP address, which overcounts as machines are reassigned addresses. With the bots' actual traffic in hand, they could also drill down to individual accounts and machines. "Torpig obtained the credentials of 8,310 accounts at 410 different institutions. The top targeted institutions were PayPal (1,770 accounts), Poste Italiane (765), Capital One (314), [and] E*Trade (304)," the report states.

Torpig is an end-user nightmare. Rather than luring victims to a fake site, it injects its own HTML into the genuine bank page from inside the browser (a man-in-the-browser attack), so the address bar, the TLS padlock and the browser's anti-phishing warnings all look normal. "[T]he injected content carefully reproduces the style and look-and-feel of the target web site. Furthermore, the injection mechanism defies all phishing indicators included in modern browsers," the researchers explain in the report.

Through this injection, Torpig managed to take at least one credit card number from 86 per cent of its victims, and in some cases many more. From one infected machine, later identified from the stolen data as belonging to a call centre worker, the botnet took some 30 different credit card numbers, showing that neither individuals nor organisations are out of its reach. The researchers estimate that in a typical 10 days of activity "the Torpig controllers may have profited anywhere between $83k and $8.3M."

The report also shows that most internet users do not help themselves when it comes to security, because their passwords are easily cracked: about 40 per cent of the stolen passwords were recovered in just over an hour using off-the-shelf password-cracking tools.
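To show why recovering passwords at that rate is unsurprising, here is an added example (not code from the paper or the article) of a wordlist-plus-rewrite-rules cracker run over a constructed set of hashed passwords. The hash function, the six base words, the rewrite rules and the sample passwords are all assumptions chosen for illustration; the point is that a few hundred guesses derived from a handful of dictionary words recover every password except the one that was not built from a dictionary word.

```python
import hashlib

# Constructed sample "hash dump" (unsalted SHA-256 stands in for whatever a real
# credential store uses). The plaintexts are listed only so the demo is
# self-checking; a real audit would start from the hashes alone.
SAMPLE_PLAINTEXTS = [
    "password1",              # dictionary word + digit
    "Letmein!",               # capitalised + punctuation
    "summer2009",             # season + year
    "qwerty",                 # bare keyboard walk
    "P@ssw0rd",               # "leet" substitutions
    "c0rr3ct-h0rse-battery",  # not derivable from the wordlist: should survive
]

# Assumed six-entry wordlist; real wordlists run to millions of entries.
BASE_WORDS = ["password", "letmein", "summer", "qwerty", "monkey", "dragon"]

# Hand-written rewrite rules (an assumption, not any tool's actual rule set):
# leet substitutions plus common suffixes (single digit, punctuation, years).
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0"})
SUFFIXES = ([""] + [str(d) for d in range(10)] + ["!", "123"]
            + [str(y) for y in range(1990, 2011)])


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def mangle(word: str):
    """Yield every guess derived from one wordlist entry.

    Case variants are generated first, then leet variants of each, and every
    form is tried with every suffix.
    """
    forms = {word, word.capitalize(), word.upper()}
    forms |= {f.translate(LEET) for f in list(forms)}
    for form in sorted(forms):
        for suffix in SUFFIXES:
            yield form + suffix


def crack(hash_set, wordlist):
    """Return {hash: plaintext} for every hash reproduced by a mangled guess.

    Stops early once every hash is recovered. Total work is bounded by
    len(wordlist) * (number of forms) * len(SUFFIXES) hash computations,
    which is why dictionary-derived passwords fall in seconds.
    """
    remaining = set(hash_set)
    found = {}
    for word in wordlist:
        for guess in mangle(word):
            h = sha256_hex(guess)
            if h in remaining:
                found[h] = guess
                remaining.discard(h)
                if not remaining:
                    return found
    return found


def audit(plaintexts=SAMPLE_PLAINTEXTS, wordlist=BASE_WORDS):
    """Hash the sample dump, run the cracker and report (recovered, total)."""
    hashes = {sha256_hex(p) for p in plaintexts}
    found = crack(hashes, wordlist)
    return len(found), len(hashes)


if __name__ == "__main__":
    recovered, total = audit()
    print(f"recovered {recovered} of {total} passwords using "
          f"{len(BASE_WORDS)} base words and {len(SUFFIXES)} suffixes")
```

Running the block recovers 5 of the 6 sample passwords with fewer than a thousand guesses; only the passphrase that is not built from a wordlist entry survives. Salted, slow hashes (bcrypt, scrypt, Argon2) raise the cost per guess but do nothing for a password that is one rule application away from a dictionary word, which is the lesson of the 40 per cent figure above.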
