Your botnet is my botnet: analysis of a botnet takeover

From Botnets.fr
Jump to: navigation, search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Your botnet is my botnet: analysis of a botnet takeover
Torpig botnet takeover.png
Botnet Torpig
Malware Mebroot
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2009 / 2009-11-09
Editor/Conference Department of Computer Science, University of California, Santa Barbara
Link https://seclab.cs.ucsb.edu/media/uploads/papers/torpig.pdf (Archive copy)
Author Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard A Kemmerer, Christopher Kruegel, Giovanni Vigna
Type

Abstract

Botnets, networks of malware-infected machines that are controlled by an adversary, are the root cause of a large number of security problems on the Internet. A particularly sophisticated and insidious type of bot is Torpig, a malware program that is designed to harvest sensitive information (such as bank account and credit card data) from its victims. In this paper, we report on our efforts to take control of the Torpig botnet and study its operations for a period of ten days. During this time, we observed more than 180 thousand infections and recorded almost 70 GB of data that the bots collected.

While botnets have been “hijacked” and studied previously, the Torpig botnet exhibits certain properties that make the analysis of the data particularly interesting. First, it is possible (with reasonable accuracy) to identify unique bot infections and relate that number to the more than 1.2 million IP addresses that contacted our command and control server. Second, the Torpig botnet is large, targets a variety of applications, and gathers a rich and diverse set of data from the infected victims. This data provides a new understanding of the type and amount of personal information that is stolen by botnets.

Bibtex

 @misc{Stone-Gross2009BFR797,
   editor = {Department of Computer Science, University of California, Santa Barbara},
   author = {Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard A Kemmerer, Christopher Kruegel, Giovanni Vigna},
   title = {Your botnet is my botnet: analysis of a botnet takeover},
   date = {09},
   month = Nov,
   year = {2009},
   howpublished = {\url{https://seclab.cs.ucsb.edu/media/uploads/papers/torpig.pdf}},
 }