The botnet, known as Torpig or Sinowal, is one of the more sophisticated networks that uses hard-to-detect malicious software to infect computers and subsequently harvest data such as e-mail passwords and online banking credentials.
The researchers were able to monitor more than 180,000 hacked computers by exploiting a weakness within the command-and-control network used by the hackers to control the computers. It only worked for 10 days, however, until the hackers updated the command-and-control instructions, according to the researchers' 13-page paper.
Still, that was enough of a window to see the data-collecting power of Torpig/Sinowal. In that short time, about 70GB of data were collected from hacked computers.
The researchers stored the data and are working with law enforcement agencies such as the U.S. FBI, ISPs and even the U.S. Department of Defense to notify victims. ISPs also have shut down some Web sites that were used to supply new commands to the hacked machines, they wrote.
Torpig/Sinowal can pilfer user names and passwords from e-mail clients such as Outlook, Thunderbird and Eudora while also collecting e-mail addresses in those programs for use by spammers. It can also collect passwords from Web browsers.
Torpig/Sinowal can infect a PC when the computer visits a malicious Web site designed to test whether the computer has unpatched software, a technique known as a drive-by download attack. If the computer is vulnerable, a low-level piece of malicious software called a rootkit is slipped deep into the system.
The researchers found out that Torpig/Sinowal ends up on a system after it is first infected by Mebroot, a rootkit that appeared around December 2007.
Mebroot infects a computer's Master Boot Record (MBR), the first code a computer looks for when booting the operating system after the BIOS runs. Mebroot is powerful since any data that leaves the computer can be intercepted.
Mebroot can also download other code to the computer.
Torpig/Sinowal is customized to grab data when a person visits certain online banking and other Web sites. It is coded to respond to more than 300 Web sites, with the top targeted ones being PayPal, Poste Italiane, Capital One, E-Trade and Chase bank, the paper said.
If a person goes to a banking Web site, a falsified form is delivered that appears to be part of the legitimate site, but asks for a range of data a bank would not normally request, such as a PIN (personal identification number) or a credit card number.
Web sites using SSL (Secure Sockets Layer) encryption are not safe if used by a PC with Torpig/Sinowal, since the malicious software will grab information before it is encrypted, the researchers wrote.
Hackers typically sell passwords and banking information on underground forums to other criminals, who try to convert the data into cash. While it's difficult to precisely estimate the value of the information collected over the 10 days, it could be worth between $83,000 and $8.3 million, the research paper said.
There are ways to disrupt botnets such as Torpig/Sinowal. The botnet code includes an algorithm that generates domain names that the malware calls on for new instructions.
Security engineers have often been able to figure out those algorithms to predict which domains the malware will call on, and preregister those domains to disrupt the botnet. It is an expensive process, however. The Conficker worm, for example, can generate up to 50,000 domain names a day.
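The two defensive steps described above, predicting the domains a DGA will produce and then using that list, can be illustrated with a small worked example. The code below is an added example and is not Torpig's, Conficker's or the researchers' code; the domain-generation routine is a hypothetical stand-in (a SHA-256 hash of a seed string and the date), chosen only because it has the property the passage relies on: anyone who knows the algorithm can compute the same domains in advance. The DNS log lines are constructed inline.

```python
from __future__ import annotations

import hashlib
from datetime import date, timedelta

# Hypothetical DGA stand-in: a real botnet's algorithm would be recovered by
# reverse engineering; this one exists only to show the defender's side.
TLDS = ("com", "net", "biz")


def generate_domains(day: date, seed: str = "constructed-seed", count: int = 5) -> list[str]:
    """Return the `count` candidate domains the (hypothetical) DGA yields for `day`."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}:{day.isoformat()}:{i}".encode()).hexdigest()
        # Map 12 bytes of the digest onto 12 lowercase letters for the label.
        label = "".join(chr(ord("a") + int(digest[j:j + 2], 16) % 26) for j in range(0, 24, 2))
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains


def predict_window(start: date, days: int, **kwargs) -> set[str]:
    """Union of every domain the DGA produces over a date range.

    This is the list a defender would hand to a registrar to pre-register or
    sinkhole; its size (domains per day * days) is what makes the process costly.
    """
    predicted: set[str] = set()
    for offset in range(days):
        predicted.update(generate_domains(start + timedelta(days=offset), **kwargs))
    return predicted


def flag_dga_queries(log_lines: list[str], candidates: set[str]) -> list[tuple[str, str]]:
    """Match DNS query log lines ("<timestamp> <client-ip> <qname>") against the predicted set.

    A hit means the client resolved a domain only the DGA would produce, which is
    a strong indicator that the host is infected and looking for new commands.
    """
    hits = []
    for line in log_lines:
        _timestamp, client, qname = line.split()
        if qname.rstrip(".").lower() in candidates:
            hits.append((client, qname))
    return hits


# Constructed sample: one host queries a predicted domain, the others do not.
_KNOWN_DGA_DOMAIN = generate_domains(date(2009, 5, 1))[0]
SAMPLE_DNS_LOG = [
    "2009-05-01T10:00:01 10.0.0.5 www.example.com",
    f"2009-05-01T10:00:02 10.0.0.9 {_KNOWN_DGA_DOMAIN}",
    "2009-05-01T10:00:03 10.0.0.5 mail.example.net",
]


if __name__ == "__main__":
    window = predict_window(date(2009, 5, 1), days=10)
    print(f"{len(window)} domains to pre-register over 10 days")
    for client, qname in flag_dga_queries(SAMPLE_DNS_LOG, window):
        print(f"likely infected host {client} queried {qname}")
```

The check is only as good as the recovered algorithm and seed: the passage notes that the real window closed after 10 days once the operators changed the command-and-control instructions, so a predicted list has to be regenerated whenever the algorithm or its inputs change.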
Registrars, companies that sell domain name registrations, should take a greater role in cooperating with the security community, the researchers wrote. But registrars have their own issues.
"With few exceptions, they often lack the resources, incentives or culture to deal with security issues associated with their roles," the paper said.
The original article can be viewed here:
Author: obaby. Source: ☆Obaby's H4cking W0rld☆