Botnet Hijacking Steals 70GB of Data

May 5, 2009 by John Messina weblog

( -- Security researchers have uncovered one of the most notorious zombie networks, the Torpig botnet, by collecting 70GB of data that was stolen in just 10 days.

Torpig bots stole over 8,300 credentials that was used to login to 410 financial institutions. More than 21 percent were accounts. This brings a total of almost 298,000 unique credentials that were intercepted from over 52,000 infected machines.

Torpig's secret behind siphoning data from computers is by infecting programs such as Mozilla Thunderbird, Microsoft Outlook, Skype, ICQ, and other applications, by monitoring every keystroke. Every 20 minutes, the malware automatically uploads new data to servers. The software is then able to intercept passwords before they may be encrypted by secure sockets layer or other programs.

The security researchers were able to hijack the after discovering weaknesses in the way it updates the master control channels that are used to send new instructions to the infected computers. A technique know as domain flux sporadically generates a large list of of computers to report to but only uses one address, ignoring all the others.

The researchers were able to monitor the botnet's behavior over a period of 10 days by registering one of the domain names on the list and seizing control of the machine. The hijackers eventually gain back control of the machine by using a backdoor built into the infected .

In all researchers counted over 180,000 infected computers that connected from 1.2 million IP addresses.

Torpig gains control of a computer by rewriting the hard drive's master boot record. As a result, control of a computer is gained during the early stages of a PC's boot process, allowing it to bypass anti-virus and other .

© 2009

Explore further: Downadup Worm Hits Over 3.5 Million Computers

Related Stories

Downadup Worm Hits Over 3.5 Million Computers

January 16, 2009

( -- Security firm F-Secure has advised that the Downadup worm has spread to more than 3.5 million computers by exploiting a vulnerability Microsoft patched last October. This is achieved by trying to connect ...

Help! How to avoid fast-moving computer worm

January 28, 2009

Since early January, a worm that has been referred to by several names, including "Downadup," "Kido" and "Conficker," has been infecting millions of computers around the world. The worm exploits a previously discovered vulnerability ...

Conficker Worm Prepares For A New Release On April 1

March 27, 2009

( -- The conficker worm created havoc last year when it infected over 10 million computers on a global scale. The unique design of the conficker worm allowed for this large scale attack to over 8 million business ...

Huge computer worm Conficker stirring to life

April 9, 2009

(AP) -- The dreaded Conficker computer worm is stirring. Security experts say the worm's authors appear to be trying to build a big moneymaker, but not a cyber weapon of mass destruction as many people feared.

Recommended for you

Microsoft aims at Apple with high-end PCs, 3D software

October 26, 2016

Microsoft launched a new consumer offensive Wednesday, unveiling a high-end computer that challenges the Apple iMac along with an updated Windows operating system that showcases three-dimensional content and "mixed reality."

Making it easier to collaborate on code

October 26, 2016

Git is an open-source system with a polarizing reputation among programmers. It's a powerful tool to help developers track changes to code, but many view it as prohibitively difficult to use.

Dutch unveil giant vacuum to clean outside air

October 25, 2016

Dutch inventors Tuesday unveiled what they called the world's first giant outside air vacuum cleaner—a large purifying system intended to filter out toxic tiny particles from the atmosphere surrounding the machine.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.