  1. #1
    5 Star Lounger ibe98765's Avatar
    I thought this interesting. There are a lot of people with compromised computers!
    ==================
    Botnet hijacking reveals 70GB of stolen data

    Torpig uncovered
    By Dan Goodin in San Francisco

    Security researchers have managed to infiltrate the Torpig botnet, a feat that allowed them to gain important new insights into one of the world's most notorious zombie networks by collecting an astounding 70 GB worth of data stolen in just 10 days.

    During that time, Torpig bots stole more than 8,300 credentials used to log in to 410 different financial institutions, according to the research team from the University of California at Santa Barbara. More than 21 percent of the accounts belonged to PayPal users. Overall, a total of almost 298,000 unique credentials were intercepted from more than 52,000 infected machines.

    ...

    In all, the researchers counted more than 180,000 infected PCs that connected from 1.2 million IP addresses. The data underscores the importance of choosing the right methodology for determining the actual size of a botnet and, specifically, not equating the number of unique IP addresses with the number of zombies. "Taking this value as the botnet size would overestimate the actual size by an order of magnitude," they caution.

    ...

    The report (PDF) (http://www.cs.ucsb.edu/~seclab/proje...pig/torpig.pdf) also documented an epidemic of lax password policy. Almost 28 percent of victims reused their passwords, it found. More than 40 percent of passwords could be guessed in 75 minutes or less using the popular John the Ripper password cracking program. ®

    Full article:
    http://www.theregister.co.uk/2009/05...rpig_hijacked/
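
Added example, not part of the original post or the quoted article: a sketch of why counting unique source IPs at a sinkhole misstates botnet size, compared with counting per-host identifiers. The log format, the sample records and the stable `bot id` field are assumptions made for this illustration; the thread does not say how the researchers identified individual bots.

```python
import ipaddress
from collections import defaultdict

# Constructed sinkhole check-ins: "<ISO time> <source IP> <bot id>".
# The per-host bot id is an assumed field, not something the article describes.
SAMPLE_LOG = """\
2009-01-25T08:00:00 198.51.100.10 bot-a
2009-01-25T20:00:00 198.51.100.77 bot-a
2009-01-26T08:00:00 198.51.100.131 bot-a
2009-01-26T09:00:00 203.0.113.5 bot-b
2009-01-26T09:05:00 203.0.113.5 bot-c
2009-01-27T09:00:00 192.0.2.44 bot-d
2009-01-28T09:00:00 192.0.2.91 bot-d
2009-01-28T10:00:00 not-an-ip bot-e
truncated record
"""

def parse(log):
    """Yield (ip, bot_id) pairs, skipping malformed lines and invalid IPs."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ip = str(ipaddress.ip_address(parts[1]))
        except ValueError:
            continue
        yield ip, parts[2]

def estimate(log):
    """Compare the naive IP count with the count of distinct bot ids."""
    ips_by_bot = defaultdict(set)   # one bot seen from many IPs: DHCP/dial-up churn
    bots_by_ip = defaultdict(set)   # many bots behind one IP: NAT or proxy
    for ip, bot in parse(log):
        ips_by_bot[bot].add(ip)
        bots_by_ip[ip].add(bot)
    bots, ips = len(ips_by_bot), len(bots_by_ip)
    return {
        "unique_ips": ips,
        "unique_bots": bots,
        "ip_to_bot_ratio": ips / bots if bots else None,
        "churning_bots": sorted(b for b, s in ips_by_bot.items() if len(s) > 1),
        "shared_ips": sorted(i for i, s in bots_by_ip.items() if len(s) > 1),
    }

if __name__ == "__main__":
    for key, value in estimate(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Address churn pushes the IP count above the true number of hosts, while hosts sharing one address pull it below, so the two errors do not simply cancel.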

  2. #2
    Plutonium Lounger
    I wonder if the "researchers" passed their detailed and specific findings on to any law enforcement agencies and/or individuals who may have been compromised, such as (from the article):
    One victim, an agent for an at-home, distributed call center, transmitted no fewer than 30 credit card numbers, presumably belonging to customers.

  3. #3
    Uranium Lounger
    [quote name='Bigaldoc' post='773774' date='05-May-2009 02:08']I wonder if the "researchers" passed their detailed and specific findings on to any law enforcement agencies and/or individuals who may have been compromised, such as (from the article):
    One victim, an agent for an at-home, distributed call center, transmitted no fewer than 30 credit card numbers, presumably belonging to customers.
    [/quote]
    From the PDF at http://www.cs.ucsb.edu/~seclab/proje...pig/torpig.pdf

    4.2 Data Collection Principles
    During our collection process, we were very careful with the information that we gathered and with the commands that we provided to infected hosts. We operated our C&C servers based on previously established legal and ethical principles. In particular, we protected the victims according to the following:
    PRINCIPLE 1. The sinkholed botnet should be operated so that any harm and/or damage to victims and targets of attacks would be minimized.
    PRINCIPLE 2. The sinkholed botnet should collect enough information to enable notification and remediation of affected parties.
    This is scary stuff, for example Woody's comments on Torpig (Note, Windows Secrets site currently reports that it is down for "maintanance" (sic)), and the availability of John the Ripper!
    -John ... I float in liquid gardens
    UTC -7±DS
