"They definitely did their homework...[but] they have entered into the fray of the healthy debate over what should be disclosed and what should not be," says Sean Brady, senior manager, identity protection and verification for RSA. "This [research] does create a road map...for the [botnet] criminals to fix, and not just for others to exploit."
Among the findings by the UC Santa Barbara team was that 38 percent of the credentials Torpig stole were harvested from the browser's saved-password store on the infected machine, not captured as the victim typed them into a login session.
The researchers found that most of the bots ran on poorly secured and poorly maintained machines that used easily guessed passwords. Studying the online posts and webmail messages of English-speaking victims, they characterized them as follows: they seek jobs and submit resumes (14 percent of the messages); they are sports fans (6 percent); they study for exams and worry about grades (5 percent); they trade goods online (4 percent); and they look for sex or partners online (4 percent). Only a few of the victims suspected their machine was infected.
What makes the Torpig botnet so unique? "The level of sophistication, the amount of data that it is able to steal, and the fact that it has been active for more than three years is truly remarkable," Stone-Gross says.