Researchers from the Department of Computer Science at the University of California Santa Barbara have published a study of the operation of a botnet known as Torpig. The team controlled the botnet for 10 days, during which they observed roughly 180,000 infections and recorded over 70 GB of data harvested by the malware. Torpig is delivered to victims as part of Mebroot, a rootkit that takes control of a machine by overwriting the system’s Master Boot Record, so that its code runs before Windows itself loads; this is what keeps it out of sight of most anti-virus tools, which run inside the operating system. Details on how the researchers gained control of the botnet (and how their access was later cut off by the criminals behind the malware) are given in the paper itself.
A few key findings from their research:
* Torpig collected over 1.2 million Windows passwords, 11.9 million records of form data submitted to Web sites, and 1.2 million e-mail items.
* In 10 days, Torpig obtained credentials for 8,310 accounts at 410 different institutions. The top targets were PayPal, Poste Italiane, Capital One, E*Trade and Chase.
* 38% of the credentials stolen by Torpig were obtained from browser password managers rather than by intercepting a login session. Because malware running in the user's session can read whatever the browser has saved, a victim's stored passwords were exposed even for sites they never visited during the observation period.