Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The researchers from the University of California Santa Barbara were able to take over the 'Torpig' botnet and observe the data collected by the malware over the course of ten days.
In that time, researchers estimate that they collected some 70GB worth of uploaded information from roughly 180,000 infected machines. The harvested information included bank details and system information.
The researchers said that the key to hijacking the botnet was to take advantage of the malware's "domain flux" component, which generates a list of possible command servers to contact. By cracking the algorithm used to generate the domains, the researchers were able to guess possible future domains and set up a phony command server.
Once the botnet was hijacked, the researcher spent ten days observing and gathering information on the botnet. In that time, they were able to make several interesting observations.
In particular, the researchers noted that though just 180,000 systems had been infected, more than 1.2 million IP addresses were logged. This, say the researchers, calls in to question the accuracy of measuring the size of botnets by number of IP addresses.
The researchers also found that Torpig collects far more than just bank and credit card details. Data uploaded to the command server included user login credentials and email account data, suggested that the botnet could also be used for spamming runs.
In analyzing the infected machines researchers found that Torpig, like most malware, primarily preyed on poorly-patched machines and lax security practices to build the botnet.
"This is evidence that the malware problem is fundamentally a cultural problem," wrote the researchers.
"Even though people are educated and understand well concepts such as the physical security and the necessary maintenance of a car, they do not understand the consequences of irresponsible behaviour when using a computer."
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.