☆Obaby's H4cking W0rld☆

Hack-Crack==Backdoors - RATs - Trojans // Binders-Packers - Rootkits

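Cracking - Hacking - Zero-day vulnerabilities - Gray Pigeon/Shangxing/PCShare - Trojan antivirus evasion - Website intrusion - Information security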

Researchers from the University of California gained control over a well-known and powerful network of hacked computers for 10 days, gaining insight into how it steals personal and financial data.

The botnet, known as Torpig or Sinowal, is one of the more sophisticated networks that uses hard-to-detect malicious software to infect computers and subsequently harvest data such as e-mail passwords and online banking credentials.

The researchers were able to monitor more than 180,000 hacked computers by exploiting a weakness within the command-and-control network used by the hackers to control the computers. It only worked for 10 days, however, until the hackers updated the command-and-control instructions, according to the researchers' 13-page paper.

Still, that was enough of a window to see the data-collecting power of Torpig/Sinowal. In that short time, about 70GB of data were collected from hacked computers.

The researchers stored the data and are working with law enforcement agencies such as the U.S. FBI, ISPs and even the U.S. Department of Defense to notify victims. ISPs also have shut down some Web sites that were used to supply new commands to the hacked machines, they wrote.

Torpig/Sinowal can pilfer user names and passwords from e-mail clients such as Outlook, Thunderbird and Eudora while also collecting e-mail addresses in those programs for use by spammers. It can also collect passwords from Web browsers.

Torpig/Sinowal can infect a PC if a computer visits a malicious Web site that is designed to test whether the computer has unpatched software, a technique known as a drive-by download attack. If the computer is vulnerable, a low-level piece of malicious software called a rootkit is slipped deep into the system.

The researchers found out that Torpig/Sinowal ends up on a system after it is first infected by Mebroot, a rootkit that appeared around December 2007.

Mebroot infects a computer's Master Boot Record (MBR), the first code a computer looks for when booting the operating system after the BIOS runs. Mebroot is powerful since any data that leaves the computer can be intercepted.

Mebroot can also download other code to the computer.

Torpig/Sinowal is customized to grab data when a person visits certain online banking and other Web sites. It is coded to respond to more than 300 Web sites, with the top targeted ones being PayPal, Poste Italiane, Capital One, E-Trade and Chase bank, the paper said.

If a person goes to a banking Web site, a falsified form is delivered that appears to be part of the legitimate site, but asks for a range of data a bank would not normally request, such as a PIN (personal identification number) or a credit card number.

Web sites using SSL (Secure Sockets Layer) encryption are not safe if used by a PC with Torpig/Sinowal, since the malicious software will grab information before it is encrypted, the researchers wrote.

Hackers typically sell passwords and banking information on underground forums to other criminals, who try to convert the data into cash. While it's difficult to precisely estimate the value of the information collected over the 10 days, it could be worth between $83,000 and $8.3 million, the research paper said.

There are ways to disrupt botnets such as Torpig/Sinowal. The botnet code includes an algorithm that generates domain names that the malware calls on for new instructions.

Security engineers have often been able to figure out those algorithms to predict which domains the malware will call on, and preregister those domains to disrupt the botnet. It is an expensive process, however. The Conficker worm, for example, can generate up to 50,000 domain names a day.
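The prediction step described above also supports detection: once a generator has been recovered, a defender can precompute the domains for the days around today and flag any internal client that looks them up. The following is an added example, not code from the article or the researchers' paper; `toy_dga` is a constructed stand-in (not Torpig's algorithm), and the log format, date and addresses are assumptions.

```python
import hashlib
from datetime import date, timedelta

def toy_dga(day, count=5, tld=".example"):
    """Constructed stand-in for a recovered generator (NOT Torpig's algorithm)."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:12])
        names.append(label + tld)
    return names

def build_watchlist(today, skew_days=1):
    """Map each predicted domain to its day, covering hosts with a skewed clock."""
    watch = {}
    for offset in range(-skew_days, skew_days + 1):
        day = today + timedelta(days=offset)
        for name in toy_dga(day):
            watch[name] = day
    return watch

def flag_clients(log_lines, watch):
    """Return {client_ip: sorted predicted domains that client queried}."""
    hits = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed or truncated log lines
        _ts, client, _qtype, qname = fields
        qname = qname.rstrip(".").lower()  # DNS names are case-insensitive
        if qname in watch:
            hits.setdefault(client, set()).add(qname)
    return {client: sorted(domains) for client, domains in hits.items()}

TODAY = date(2009, 5, 4)  # constructed date for the sample
WATCH = build_watchlist(TODAY)
today_names = toy_dga(TODAY)
yesterday_names = toy_dga(TODAY - timedelta(days=1))
SAMPLE_LOG = [  # constructed resolver log: timestamp client qtype qname
    "2009-05-04T09:00:01 10.0.0.5 A www.example.org",
    f"2009-05-04T09:00:07 10.0.0.9 A {today_names[0].upper()}.",
    f"2009-05-04T09:01:30 10.0.0.9 A {today_names[1]}",
    f"2009-05-04T09:02:11 10.0.0.23 A {yesterday_names[2]}",
    "truncated line",
]

if __name__ == "__main__":
    for client, domains in flag_clients(SAMPLE_LOG, WATCH).items():
        print(client, domains)
```

The watchlist grows with the generator's daily output, which is the cost problem the article raises for preregistration; matching resolver logs against it needs no registration at all.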

Registrars, companies that sell domain name registrations, should take a greater role in cooperating with the security community, the researchers wrote. But registrars have their own issues.

"With few exceptions, they often lack the resources, incentives or culture to deal with security issues associated with their roles," the paper said.

The original article can be viewed here:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&art...

Copyright notice:
When reposting, please credit the original author: ☆obaby☆
Site name: ☆Obaby's H4cking W0rld☆

