Security researchers at the University of California, Santa Barbara managed to infiltrate the Torpig botnet (also called Sinowal or Mebroot), which allowed them to gain important new insights into one of the world's most notorious zombie networks by collecting an astounding 70 GB worth of stolen data in just 10 days.
According to The Register, the researchers were able to hijack the botnet by exploiting weaknesses in the way it updates the master control channels used to send individual machines new instructions. So-called domain flux techniques periodically generate a large list of domain names that infected machines are to report to. Typically, the botnet operators use only one of those addresses, and all the others are ignored.
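The domain-flux behaviour described above has a visible side effect on the defender's side: an infected host looks up many algorithmically generated names, almost all of which do not resolve, and only the one the operators actually registered answers. The following added example (not code from the original article or from the UCSB researchers) shows one way to surface that pattern from resolver logs. The log format, the sample log lines, the client addresses and the thresholds are all constructed for this illustration; the scoring is a generic NXDOMAIN-rate plus label-entropy heuristic, not Torpig's own algorithm.

```python
"""Flag hosts whose DNS queries look like domain-flux rendezvous attempts.

Added example with a hypothetical resolver log format:
    <timestamp> <client_ip> <query_name> <rcode>
"""
import math
from collections import defaultdict

# Constructed sample resolver log: 10.0.0.7 burns through a batch of
# random-looking names, one of which actually resolves.
SAMPLE_DNS_LOG = """\
2009-05-01T10:00:01 10.0.0.5 www.example.com NOERROR
2009-05-01T10:00:02 10.0.0.5 mail.example.com NOERROR
2009-05-01T10:00:03 10.0.0.7 kqzvxjtpwm.com NXDOMAIN
2009-05-01T10:00:03 10.0.0.7 hrltcbyqgn.net NXDOMAIN
2009-05-01T10:00:04 10.0.0.7 pzwjxqmkvd.biz NXDOMAIN
2009-05-01T10:00:04 10.0.0.7 tqgxvbzlrn.com NXDOMAIN
2009-05-01T10:00:05 10.0.0.7 xvrnqpwtdk.net NXDOMAIN
2009-05-01T10:00:05 10.0.0.7 fjsqmvzpxc.com NOERROR
2009-05-01T10:00:06 10.0.0.9 cdn.example.org NOERROR
"""


def parse_dns_log(text):
    """Parse the hypothetical four-column log format into dict records."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, client, qname, rcode = parts
        records.append({
            "ts": ts,
            "client": client,
            "qname": qname.lower().rstrip("."),
            "rcode": rcode.upper(),
        })
    return records


def shannon_entropy(label):
    """Bits per character of a domain label; generated labels score high."""
    if not label:
        return 0.0
    counts = {}
    for ch in label:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Naive second-level label (no public-suffix list; good enough here)."""
    labels = qname.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def score_clients(records, min_queries=5, nx_ratio=0.5, min_entropy=3.0):
    """Return per-client stats and the sorted list of flagged clients.

    A client is flagged when it made at least `min_queries` lookups, at
    least `nx_ratio` of them failed with NXDOMAIN, and the mean entropy of
    the registrable labels is at least `min_entropy` bits per character.
    """
    acc = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "entropy_sum": 0.0})
    for r in records:
        s = acc[r["client"]]
        s["queries"] += 1
        if r["rcode"] == "NXDOMAIN":
            s["nxdomain"] += 1
        s["entropy_sum"] += shannon_entropy(registrable_label(r["qname"]))

    stats, flagged = {}, []
    for client, s in acc.items():
        ratio = s["nxdomain"] / s["queries"]
        mean_entropy = s["entropy_sum"] / s["queries"]
        stats[client] = {
            "queries": s["queries"],
            "nxdomain": s["nxdomain"],
            "nx_ratio": ratio,
            "mean_entropy": mean_entropy,
        }
        if s["queries"] >= min_queries and ratio >= nx_ratio and mean_entropy >= min_entropy:
            flagged.append(client)
    return stats, sorted(flagged)


def resolved_names_for(records, client):
    """Names a flagged client resolved successfully.

    In a domain-flux scheme these are the registered rendezvous domains,
    so they are the first candidates to review for blocking or sinkholing.
    """
    return sorted({r["qname"] for r in records
                   if r["client"] == client and r["rcode"] == "NOERROR"})


if __name__ == "__main__":
    recs = parse_dns_log(SAMPLE_DNS_LOG)
    stats, flagged = score_clients(recs)
    for c in flagged:
        print(c, stats[c], "resolved:", resolved_names_for(recs, c))
```

On the constructed sample, only 10.0.0.7 is flagged (six lookups, five NXDOMAIN, mean label entropy of about 3.32 bits), and its single successful resolution is the name worth passing to the block list or sinkhole. Real deployments would swap the naive second-level-label split for a public-suffix list and tune the thresholds against a baseline of ordinary traffic, since CDNs and some legitimate software also produce high-entropy names.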
The primary goal of Torpig is to steal financial information like credit card numbers and bank logins. In just ten days, Torpig apparently obtained credentials of 8,310 accounts at 410 financial institutions. The researchers noted, too, that nearly 40 percent of the credentials stolen by Torpig were from browser password managers, and not actual login sessions.
The report also documented an epidemic of lax password policy. Almost 28 percent of victims reused their passwords, it found. More than 40 percent of passwords could be guessed in 75 minutes or less using the popular John the Ripper password cracking program.
For more on the botnet hijack, check out UC Santa Barbara’s Torpig project page.
