Main » 2011 » Март » 16 » Botnet torpig captured for research
13:13
Botnet torpig captured for research
Researchers from the University of California, published the results of the analysis of a compromised botnet Torpig, control over who managed to catch not so long ago (PDF). Unfortunately, after ten days of client modules are updated and in touch with them was lost. However, collected, even in this time of information allows a detailed examination of how botnets work and how effective they are. Over this period, through a botnet last 70 GB of information: it fills forms in a browser, email correspondence and a different password. Interestingly, the gathering of experts managed to decipher the 56,000 passwords in a matter of hours.

Get control over the botnet Torpig (also known as Sinowal) managed by decoding method by which the client machines to generate a daily list have not yet registered domains.



Researchers have managed to register one of these domains and to raise it management server. Ten days of control over the botnet they recorded 180,000 infected PCs and more than 1.2 million IP-addresses from which the request arrives.

Torpig specializes in collecting financial information. In just ten days from the client machines were received 8,310 accounts in 410 financial institutions, including PayPal, Capital One, E * Trade, and Chase. About 40% of passwords were obtained from the password manager in the browser and not from the actual sessions. According to experts, the owners of the botnet could be removed from all these accounts up to $ 8.3 million in ten days of work.

The analysis also showed that 28% of victims using the same data for access to all sites and personal service, and it is much easier life criminals.

Via Ars Technica
Views: 589 | Added by: w1zard | Rating: 0.0/0
Total comments: 0
Имя *:
Email *:
Код *: