Boffins observe Torpig botnet

Professors discuss the behaviour of your less-than-average security threat by controlling the Torpig botnet.

Security researchers at a US university have spent 10 days in control of the notorious Torpig botnet to observe its behaviour.

The boffins from the University of California's Department of Computer Science Security Group have now published a document that shines a light onto the practices and capabilities of Torpig. 'Your Botnet is My Botnet: Analysis of a Botnet Takeover' makes for frightening reading. "For our work, we seized control of the Torpig (a.k.a. Sinowal, Anserin) botnet for ten days. Torpig, which has been described as 'one of the most advanced pieces of crimeware ever created,' is a type of malware that is typically associated with bank account and credit card theft," they explain in the introduction.

During their study, the researchers - Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Chris Kruegel and Giovanni Vigna - found that the botnet harvested some 70GB of data from 180,000 infected machines.

The numbers may seem lower than expected, but during the period of their control the researchers were able to dig much deeper into the botnet than others have, drilling down further from the usual IP address numbers to actual individual accounts and machines. "Torpig obtained the credentials of 8,310 accounts at 410 different institutions. The top targeted institutions were PayPal (1,770 accounts), Poste Italiane (765), Capital One (314), [and] E*Trade (304)," claimed the report.

Torpig is something of an end-user nightmare. It is almost undetectable by all the major browsers and uses phishing attacks to spoof a login page. "The injected content carefully reproduces the style and look-and-feel of the target web site. Furthermore, the injection mechanism defies all phishing indicators included in modern browsers," the researchers explain in the report.

By doing just this, Torpig managed to take at least one credit card number from 86 per cent of its victims, and in some cases many more. From one hacked machine, later identified as belonging to a call centre worker, the botnet took some 30 different credit card numbers, proving that neither individual nor organisation is out of its reach. The researchers estimate that in an average 10 days of activity "the Torpig controllers may have profited anywhere between $83k and $8.3M."

Other insights in the report include the fact that the majority of internet users do not help themselves when it comes to security thanks to their use of easily cracked passwords. In fact, about 40 per cent of logins were cracked in just over an hour thanks to the use of common hacking tools.
