Researchers from the University of California, Santa Barbara recently hijacked the Torpig botnet and observed 70GB of data collected by the malware over a 10 day period.
The dangerous malware takes control of a computer by rewriting the hard drive's master boot record, and in doing so, gains control early on in a PC's boot process so that it can move past any security software.
Taken from about 180,000 infected machines, the stolen information included private banking and system data.
This included over 8,300 credentials that were used to log in to 410 financial institutions, and more than 21 percent of those were PayPal accounts.
The team of researchers was able to hijack the botnet by exploiting its "domain flux" component, which creates a list of potential command servers to contact.
The researchers said that once they successfully cracked the algorithm used to create the domains, they were able to guess possible future domains and create a fake command server.
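To make the "domain flux" idea concrete, here is an added example that is not part of the original article and does not reproduce Torpig's real algorithm: a hypothetical, date-seeded domain generation routine stands in for the real one. It shows the defender's side of the technique the researchers describe: once the algorithm is known, every rendezvous domain the bots will try over a coming period can be enumerated in advance and either registered as a sinkhole or fed into a DNS blocklist, and DNS query logs (constructed here, in a made-up `<timestamp> <client_ip> <qname>` format) can be checked against that list. The function names and the log format are assumptions.

```python
import hashlib
from datetime import date, timedelta

# Hypothetical date-seeded DGA for illustration only; NOT Torpig's actual algorithm.
TLDS = ("com", "net", "biz")


def candidate_domains(day: date, count: int = 5) -> list[str]:
    """Return the candidate rendezvous domains a bot would try on `day`, in order."""
    domains = []
    for i in range(count):
        seed = f"{day.isoformat()}-{i}".encode()
        digest = hashlib.sha256(seed).hexdigest()
        # Map the first 12 hex digits onto lowercase letters to form a DNS label.
        label = "".join(chr(ord("a") + int(c, 16) % 26) for c in digest[:12])
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains


def precompute_blocklist(start: date, days: int, count: int = 5) -> set[str]:
    """Defender side: enumerate every domain the bots will try over `days` days
    starting at `start`, so they can be sinkholed or blocked before the bots need them."""
    blocklist: set[str] = set()
    for offset in range(days):
        blocklist.update(candidate_domains(start + timedelta(days=offset), count))
    return blocklist


def flag_dga_queries(log_lines, blocklist):
    """Return (client_ip, qname) pairs for DNS queries that hit a predicted domain.
    Log format (constructed for this example): '<timestamp> <client_ip> <qname>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        _, client, qname = parts
        qname = qname.rstrip(".").lower()
        if qname in blocklist:
            hits.append((client, qname))
    return hits


if __name__ == "__main__":
    start = date(2009, 1, 25)
    blocklist = precompute_blocklist(start, days=10)
    print(f"{len(blocklist)} domains to sinkhole/block over 10 days")
    # Constructed DNS log: one query to a predicted domain, one benign query.
    sample_log = [
        f"2009-01-26T03:14:00 10.0.0.5 {candidate_domains(date(2009, 1, 26))[0]}.",
        "2009-01-26T03:14:01 10.0.0.9 www.example.com.",
    ]
    for client, qname in flag_dga_queries(sample_log, blocklist):
        print(f"ALERT client {client} resolved predicted C&C domain {qname}")
```

Because the generator is deterministic in the date, the defender who knows it holds exactly the same list the bots will compute; that is what lets a sinkhole registered for a future day receive the bots' traffic, and what lets a resolver flag the first lookup of such a domain.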
Following the hijacking of the botnet, the team observed and collected information for 10 days. During this time, they made many key observations.
For instance, even though only about 180,000 systems had been infected, more than 1.2 million IP addresses were logged, calling into question the correlation between the size of a botnet and the number of IP addresses it is seen from.
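The gap between 180,000 infected machines and 1.2 million logged IP addresses comes down to how a botnet is counted. The following added example, which is not from the article or the researchers' code, illustrates the point on constructed command-and-control check-in records in a made-up `<timestamp> <bot_id> <src_ip>` format: counting distinct source IPs overstates the population whenever a bot checks in from several addresses (DHCP leases, dial-up, mobile networks), while counting distinct bot identifiers gives the tighter estimate. The record format and the per-bot identifier are assumptions for the example.

```python
from collections import defaultdict


def parse_checkins(lines):
    """Parse constructed C&C check-in records: '<timestamp> <bot_id> <src_ip>'."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # ignore malformed records
        timestamp, bot_id, src_ip = parts
        records.append((timestamp, bot_id, src_ip))
    return records


def size_estimates(records):
    """Return (unique_ips, unique_bot_ids, max_ips_seen_for_one_bot).

    unique_ips is the naive "IP address" estimate; unique_bot_ids is the estimate
    based on a stable per-infection identifier. The third value shows how much a
    single bot can inflate the IP count by changing address over the period.
    """
    all_ips = set()
    ips_per_bot = defaultdict(set)
    for _, bot_id, src_ip in records:
        all_ips.add(src_ip)
        ips_per_bot[bot_id].add(src_ip)
    max_churn = max((len(ips) for ips in ips_per_bot.values()), default=0)
    return len(all_ips), len(ips_per_bot), max_churn


# Constructed sample: botA changes address three times, botB twice, and botC
# sits behind the same NAT address as botB's first check-in.
SAMPLE_CHECKINS = [
    "2009-01-25T01:00 botA 198.51.100.10",
    "2009-01-25T02:00 botA 198.51.100.11",
    "2009-01-26T01:00 botA 198.51.100.12",
    "2009-01-25T01:00 botB 203.0.113.7",
    "2009-01-26T01:00 botB 203.0.113.8",
    "2009-01-25T05:00 botC 203.0.113.7",
    "not a valid record",
]

if __name__ == "__main__":
    ips, bots, churn = size_estimates(parse_checkins(SAMPLE_CHECKINS))
    print(f"distinct IPs: {ips}, distinct bots: {bots}, max IPs for one bot: {churn}")
```

On this sample the IP-based count (5) is two-thirds higher than the bot-ID count (3), and a NAT gateway makes two bots share one address; both effects are why an IP tally is a poor proxy for botnet size in either direction.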
Another intriguing finding was that Torpig gathered more than just bank and credit card information.
The uploaded data also revealed user login details and email account information, which led researchers to believe that the botnet could potentially be used for spamming purposes.
The researchers discovered that like most malware, Torpig also targets poorly-patched machines and lax security practices to create the botnet.
Last month, an attack against the Web Hosting Talk message board led to select users having their credit card data compromised and publicly posted.