Torpig
Torpig, also known as Sinowal or Anserin, is a botnet variant spread by various Trojan horses that affect computers running Microsoft Windows; it is mainly distributed via the Mebroot rootkit. Torpig bypasses antivirus programs by using rootkits. Infected systems are scanned for access data and passwords, which are recorded using keyloggers. A man-in-the-middle attack is also possible.
History
In November 2008, the malware was responsible for spying out 500,000 sets of access data for online banking and credit cards in the United States. The software was called "one of the most advanced pieces of crimeware ever created" at the time.
In early 2009, a team of security experts from the University of California, Santa Barbara took control of the botnet for ten days. During this time, an unprecedented amount (over 70 GB) of stolen data was discovered and 1.2 million IPs were redirected to the team's own command-and-control server. The report shows in detail how the botnet was operated.
Web links
- One Sinowal Trojan + One Gang = Hundreds of Thousands of Compromised Accounts by RSA FraudAction Research Lab, October 2008
- Don't be a victim of Sinowal, the super-Trojan by Woody Leonhard, WindowsSecrets.com, November 2008
- Antivirus tools try to remove Sinowal / Mebroot by Woody Leonhard, WindowsSecrets.com, November 2008
- Taking over the Torpig botnet, UCSB, April 2009
- Torpig Botnet Hijacked and Dissected covered on Slashdot, May 2009
- How to Steal a Botnet and What Can Happen When You Do by Richard A. Kemmerer, GoogleTechTalks, September 2009