
Researchers Take Over Dangerous Botnet

Computer scientists at the University of California-Santa Barbara expose details of infamous botnet known for stealing financial data after temporarily wresting control of it
But the researchers' disclosure of details about the botnet and its victims -- naming banks and describing some of the online interests of users victimized by the botnet based on their Webmail messages and online forum posts -- also stirred up debate about whether the researchers gave away too much information about Torpig that could compromise efforts to eventually take the botnet down.

"They definitely did their homework...[but] they have entered into the fray of the healthy debate over what should be disclosed and what should not be," says Sean Brady, senior manager, identity protection and verification for RSA. "This [research] does create a road map...for the [botnet] criminals to fix, and not just for others to exploit."

Among the findings by UCSB was that 38 percent of the credentials Torpig stole were taken from a browser's password manager, not by sniffing a login session.

The researchers found that most of the bots were poorly secured and poorly maintained machines using easily guessed passwords. Some characteristics of the English-speaking victims the researchers found when studying their online posts and Webmail messages: they seek jobs and submit resumes (14 percent of the messages); they are sports fans (6 percent); they study for exams and worry about grades (5 percent); they trade goods online (4 percent); and they look for sex or partners online (4 percent). Only a few of the victims suspected their machine was infected.

What makes the Torpig botnet so unique? "The level of sophistication, the amount of data that it is able to steal, and the fact that it has been active for more than three years is truly remarkable," Stone-Gross says.

