
Torpig botnet captured for research

Researchers from the University of California have published the results of their analysis of the Torpig botnet, which they recently managed to hijack (PDF). Unfortunately, after ten days the client modules were updated and communication with them was lost. Even so, the information collected during that window makes it possible to study in detail how botnets operate and how effective they are. Over that period, 70 GB of data passed through the botnet: forms filled in within the browser, email correspondence and assorted passwords. Notably, the researchers managed to crack 56,000 of the passwords in roughly an hour.

Control over the Torpig botnet (also known as Sinowal) was gained by reverse-engineering the method that client machines use to generate, each day, a list of not-yet-registered domains to contact.



The researchers registered one of these domains and stood up a control server on it. Over ten days of controlling the botnet, they recorded 180,000 infected PCs and more than 1.2 million IP addresses from which requests arrived.
Torpig specializes in collecting financial information. In just ten days, credentials for 8,310 accounts at 410 financial institutions, including PayPal, Capital One, E*Trade and Chase, were received from client machines. About 40% of the passwords came from browser password managers rather than from live sessions. According to the experts, the botnet's operators could have drained up to $8.3 million from these accounts in ten days of operation.

The analysis also showed that 28% of victims reuse the same credentials across all sites and personal services, which makes life easier for attackers.

via Ars Technica

Source: https://habr.com/ru/post/59012/
