2009-05-04, 21:12 #1
I thought this interesting. There are a lot of people with compromised computers!
Botnet hijacking reveals 70GB of stolen data
By Dan Goodin in San Francisco
Security researchers have managed to infiltrate the Torpig botnet, a feat that allowed them to gain important new insights into one of the world's most notorious zombie networks by collecting an astounding 70 GB worth of data stolen in just 10 days.
During that time, Torpig bots stole more than 8,300 credentials used to login to 410 different financial institutions, according to the research team from the University of California at Santa Barbara. More than 21 percent of the accounts belonged to PayPal users. Overall, a total of almost 298,000 unique credentials were intercepted from more than 52,000 infected machines.
In all, the researchers counted more than 180,000 infected PCs that connected from 1.2 million IP addresses. The data underscores the importance of choosing the right methodology for determining the actual size of a botnet and, specifically, not equating the number of unique IP addresses with the number of zombies. "Taking this value as the botnet size would overestimate the actual size by an order of magnitude," they caution.
The report (PDF) (http://www.cs.ucsb.edu/~seclab/proje...pig/torpig.pdf) also documented an epidemic of lax password policy. Almost 28 percent of victims reused their passwords, it found. More than 40 percent of passwords could be guessed in 75 minutes or less using the popular John the Ripper password cracking program. ®
2009-05-05, 04:08 #2
I wonder if the "researchers" passed their detailed and specific findings on to any law enforcement agencies and/or individuals who may have been compromised, such as (from the article):
One victim, an agent for an at-home, distributed call center, transmitted no fewer than 30 credit card numbers, presumably belonging to customers.
2009-05-05, 13:30 #3
[quote name='Bigaldoc' post='773774' date='05-May-2009 02:08']I wonder if the "researchers" passed their detailed and specific findings on to any law enforcement agencies and/or individuals who may have been compromised, such as (from the article):
One victim, an agent for an at-home, distributed call center, transmitted no fewer than 30 credit card numbers, presumably belonging to customers.[/quote]
From the PDF at http://www.cs.ucsb.edu/~seclab/proje...pig/torpig.pdf
4.2 Data Collection Principles
During our collection process, we were very careful with the information that we gathered and with the commands that we provided to infected hosts. We operated our C&C servers based on previously established legal and ethical principles. In particular, we protected the victims according to the following:
PRINCIPLE 1. The sinkholed botnet should be operated so that any harm and/or damage to victims and targets of attacks would be minimized.
PRINCIPLE 2. The sinkholed botnet should collect enough information to enable notification and remediation of affected parties.
This is scary stuff, for example Woody's comments on Torpig (Note, Windows Secrets site currently reports that it is down for "maintanance" (sic)), and the availability of John the Ripper!
-John ... I float in liquid gardens