Torpig Botnet Harvests Online Banking Credentials

Posted by Elderly Care Expert | Wireless Security | Sunday 10 May 2009 3:05 am

In a post I did over the weekend, I talked about the fact that malicious code was not going to go away and it’s time to get rid of “username:/password:” log-in.  It’s not safe.

As I mentioned in that post, the most secure way to authenticate the online banking customer is to put a HomeATM 2.0 Certified PIN Entry Device in their hands ($12). The bank issues the card, the bank issues the PIN, and now, instead of toasters, the bank issues our device. End Result?: Complete 100% secure 2FA (two-factor authentication) log-in. What that means to the banks and their customers is virtual elimination of phishing (average cost $350), no threat of DNS Hijacking, cloned cards could no longer be used and essentially no more ID Theft, thus no more emptying of bank accounts.

Now, here comes a story about a botnet called Torpig (also known as Sinowal), a hard-to-detect malicious code used to infect PCs and steal those very same usernames/passwords used at financial institutions. Don’t say I didn’t warn you that this would happen and this is just the beginning…the worst is yet to come.

Source: Computer World


Description:

Researchers from the University of California gained control over a well-known and powerful network of hacked computers for 10 days, gaining insight into how it steals personal and financial data.

The botnet, known as Torpig or Sinowal, is one of the more sophisticated networks that uses hard-to-detect malicious software to infect computers and subsequently harvest data such as email passwords and online banking credentials.

The researchers were able to monitor more than 180,000 hacked computers by exploiting a weakness within the command-and-control network used by the hackers to control the computers. It only worked for 10 days, however, until the hackers updated the command-and-control instructions, according to the researchers’ 13-page paper.

Still, that was enough of a window to see the data-collecting power of Torpig/Sinowal. In that short time, about 70GB of data were collected from hacked computers.

The researchers stored the data and are working with law enforcement agencies such as the US Federal Bureau of Investigation, ISPs and even the US Department of Defence to notify victims. ISPs also have shut down some Web sites that were used to supply new commands to the hacked machines, they wrote.

Torpig/Sinowal can pilfer user names and passwords from email clients such as Outlook, Thunderbird and Eudora while also collecting email addresses in those programs for use by spammers. It can also collect user names and passwords from web browsers.

Torpig/Sinowal can infect a PC if a computer visits a malicious Web site that is designed to test whether the computer has unpatched software, a technique known as a drive-by download attack. If the computer is vulnerable, a low-level piece of malicious software called a rootkit is slipped deep into the system.

The researchers found out that Torpig/Sinowal ends up on a system after it is first infected by Mebroot, a rootkit that appeared around December 2007.

Mebroot infects a computer’s Master Boot Record (MBR), the first code a computer looks for when booting the operating system after the BIOS runs. Mebroot is powerful since any data that leaves the computer can be intercepted.

Mebroot can also download other code to the computer.


Torpig/Sinowal is customized to grab data when a person visits certain online banking and other websites. It is coded to respond to more than 300 websites, with the top targeted ones being PayPal, Poste Italiane, Capital One, E-Trade and Chase bank, the paper said.

If a person goes to a banking website, a falsified form is delivered that appears to be part of the legitimate site, but asks for a range of data a bank would not normally request, such as a PIN (personal identification number) or a credit card number.

Websites using SSL (Secure Sockets Layer) encryption are not safe if used by a PC with Torpig/Sinowal, since the malicious software will grab information before it is encrypted, the researchers wrote.

Hackers typically sell passwords and banking information on underground forums to other criminals, who try to convert the data into cash. While it’s difficult to precisely estimate the value of the information collected over the 10 days, it could be worth between US$83,000 and $8.3 million, the research paper said.

There are ways to disrupt botnets such as Torpig/Sinowal.

Editor’s Note: The easiest way to disrupt the botnet is to utilize HomeATM’s PCI 2.0 Certified SafeTPIN with 3DES end-to-end encryption (including the Track 2 data) and protected by DUKPT key management. Use our device and you’ll have no worries. Either that or stop shopping online!

NEVER TYPE ANY OF YOUR FINANCIAL INFORMATION INTO A PC OR WEB BROWSER!


The botnet code includes an algorithm that generates domain names that the malware calls on for new instructions.

Security engineers have often been able to figure out those algorithms to predict which domains the malware will call on, and preregister those domains to disrupt the botnet. It is an expensive process, however. The Conficker worm, for example, can generate up to 50,000 domain names a day.
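The defender's side of that prediction, as an added example that is not taken from the article or the paper: once a generation algorithm has been recovered, the domains for upcoming days can be precomputed and matched against resolver logs to find infected clients. The generator `toy_dga`, the TLD list, the log format and the client addresses are all hypothetical and constructed for illustration; this is not Torpig's or Conficker's algorithm.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "biz")  # assumed TLD rotation, chosen for the example


def toy_dga(day, count=5):
    """Hypothetical date-seeded generator; NOT Torpig's or Conficker's algorithm."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        # Map the first 12 hex digits to letters a..p to form the label.
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:12])
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains


def predict_window(start, days, count=5):
    """Map every domain the generator yields in the window to its date."""
    watchlist = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for domain in toy_dga(day, count):
            watchlist[domain] = day
    return watchlist


def flag_queries(log_lines, watchlist):
    """Return (client_ip, domain, generation_date) for watchlisted queries."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        _timestamp, client, qname = parts
        qname = qname.rstrip(".").lower()  # normalise FQDN dot and case
        if qname in watchlist:
            hits.append((client, qname, watchlist[qname]))
    return hits


def build_sample_log():
    """Constructed resolver log: '<timestamp> <client_ip> <query_name>'."""
    d1 = toy_dga(date(2009, 5, 11))[0]
    d2 = toy_dga(date(2009, 5, 12))[3]
    return [
        "2009-05-11T08:01:12 10.0.0.8 www.example.com.",
        f"2009-05-11T08:01:15 10.0.0.23 {d1}.",
        "truncated line",
        f"2009-05-12T09:30:02 10.0.0.57 {d2.upper()}",
    ]


if __name__ == "__main__":
    watch = predict_window(date(2009, 5, 10), days=3)
    for client, domain, day in flag_queries(build_sample_log(), watch):
        print(f"{client} queried {domain} (generated for {day})")
```

The cost the article mentions shows up in `predict_window`: the watchlist grows with the number of domains per day times the number of days, and every one of those names would have to be registered to sinkhole them rather than merely watch for them.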

Registrars, companies that sell domain name registrations, should take a greater role in cooperating with the security community, the researchers wrote. But registrars have their own issues.

URL to see the “Your Botnet is My Botnet Analysis of a Takeover” report:

http://www.cs.ucsb.edu/~seclab/projects/torpig/index.html

ABSTRACT

Botnets, networks of malware-infected machines that are controlled by an adversary, are the root cause of a large number of security threats on the Internet. A particularly sophisticated and insidious type of bot is Torpig, a malware program that is designed to harvest sensitive information (such as bank account and credit card data) from its victims. In this paper, we report on our efforts to take control of the Torpig botnet for ten days. Over this period, we observed more than 180 thousand infections and recorded more than 70 GB of data that the bots collected. While botnets have been “hijacked” before, the Torpig botnet exhibits certain properties that make the analysis of the data particularly interesting. First, it is possible (with reasonable accuracy) to identify unique bot infections and relate that number to the more than 1.2 million IP addresses that contacted our command and control server. This shows that botnet estimates that are based on IP addresses are likely to report inflated numbers. Second, the Torpig botnet is large, targets a variety of applications, and gathers a rich and diverse set of information from the infected victims. This opens the possibility to perform interesting data analysis that goes well beyond simply counting the number of stolen credit cards.
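Why counting IP addresses overstates a botnet's size, as an added example that is not from the paper: the sinkhole records below are constructed, and the `bot_id` field is a hypothetical stand-in for whatever per-infection identifier the C&C traffic exposes. DHCP churn makes one infection appear under several addresses, while NAT hides several infections behind one.

```python
from collections import defaultdict

# Constructed sinkhole records: (hour_seen, source_ip, bot_id).
# Addresses are from documentation ranges; bot_id is a hypothetical field.
RECORDS = [
    (0, "198.51.100.10", "bot-A"),
    (6, "198.51.100.77", "bot-A"),    # same infection, new DHCP lease
    (12, "198.51.100.140", "bot-A"),  # and another lease
    (1, "203.0.113.5", "bot-B"),
    (2, "203.0.113.5", "bot-C"),      # two infections behind one NAT address
    (3, "192.0.2.44", "bot-D"),
    (20, "192.0.2.91", "bot-D"),      # dial-up or mobile reconnect
]


def estimate(records):
    """Compare an IP-based size estimate with an identifier-based one."""
    ips_by_bot = defaultdict(set)
    bots_by_ip = defaultdict(set)
    for _hour, ip, bot_id in records:
        ips_by_bot[bot_id].add(ip)
        bots_by_ip[ip].add(bot_id)

    unique_ips = len(bots_by_ip)
    unique_bots = len(ips_by_bot)
    return {
        "unique_ips": unique_ips,
        "unique_bots": unique_bots,
        # How much an IP-only count overstates the number of infections.
        "inflation": unique_ips / unique_bots if unique_bots else 0.0,
        # Infections seen from more than one address (address churn).
        "churning_bots": {b: len(i) for b, i in ips_by_bot.items() if len(i) > 1},
        # Addresses that carried more than one infection (NAT, proxies).
        "shared_ips": {i: len(b) for i, b in bots_by_ip.items() if len(b) > 1},
    }


if __name__ == "__main__":
    for key, value in estimate(RECORDS).items():
        print(f"{key}: {value}")
```

The two effects pull in opposite directions, so an IP count is not a bound in either sense; over a multi-day window, address churn usually dominates, which matches the abstract's 1.2 million addresses against roughly 180 thousand infections.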

1. INTRODUCTION
Malicious code (or malware) has become one of the most pressing security problems on the Internet. In particular, this is true for bots [3], a type of malware that is written with the intent of taking control over hosts on the Internet. Once infected with a bot, the victim host will join a botnet, which is a network of compromised machines that are under the control of a malicious entity, typically referred to as the botmaster. Botnets are the primary means for cyber criminals to carry out their nefarious tasks, such as sending spam mails [30], launching denial-of-service attacks [24], or stealing personal data such as mail accounts or bank credentials [14, 32]. This reflects the shift from an environment in which malware was developed for fun to the current situation, where malware is spread for financial profit.

Given the importance of the problem, significant research effort has been invested to gain a better understanding of the botnet phenomenon [8, 29], to study the modus operandi of cyber criminals [19, 22], and to develop effective mitigation techniques [10, 11]. One popular approach to analyze the activities of a botnet is to join it (that is, to perform analysis from the inside). To achieve this, researchers typically leverage honeypots, honey clients, or spam traps to obtain a copy of a malware sample. The sample is then executed in a controlled environment, which makes it possible to observe the traffic that is exchanged between the bot and its command and control (C&C) server(s). In particular, one can record the commands that the bot receives and monitor its malicious activity.
