Researchers Took Control of Torpig Botnet Stealing Financial Data

Security researchers at the University of California report that they took over a botnet earlier this year (2009) and retained control of it for a full ten days. During that period, they exposed 70GB of stolen financial data from it, including bank account details and payment card numbers.

According to the researchers, the malware that builds and controls the botnet is known as Torpig, also called Mebroot or Sinowal, a program designed to collect financial and other personal information from users of Windows computers. To take control of the Torpig botnet, the researchers exploited a flaw in the way the bots find their command-and-control servers.

They first registered the domains that the bots would resolve, and then set up servers to which the bots would connect to receive commands. This worked for a full ten days, after which the controllers of Torpig updated the system and reduced the extent of the researchers' observation.

While the botnet was under the researchers' control, nearly 300,000 distinct items of login data were seized, including 56,000 passwords collected over an hour.

The research found that many victims (28%) used personal credentials more than once to access 368,501 websites, helping scammers to easily harvest more information.

The researchers also reveal that within those 10 days alone, Torpig gathered credentials for 8,310 financial accounts at institutions such as Capital One, Chase, E*Trade and PayPal, among many others. Further, almost 40% of the data seized by Torpig was stolen from browser password managers rather than from actual login sessions. The researchers also speculated that the controller of Torpig might have netted $83,000 to $8.3 million by exploiting the stolen credentials.

Meanwhile, clues suggest that the botnet herders even rented out their network and earned revenue.

The researchers concluded that the botnet's victims were people who maintained their systems rather poorly and chose easily breakable passwords. According to them, the malware problem is therefore primarily a 'cultural' one, arising from irresponsible behavior in computer usage.


» SPAMfighter News - 5/8/2009
