Slashdot Mirror


Torpig Botnet Hijacked and Dissected

An anonymous reader writes "A team of researchers at UC Santa Barbara have hijacked the infamous Torpig botnet for 10 days. They have released a report (PDF) that describes how that was done and the data they collected. They observed more than 180K infected machines (this is the number of actual bots, not just IP addresses), collected 70GB of data stolen by the Torpig trojan, extracted almost 10K bank accounts and credit card numbers worth hundreds of thousands of dollars in the underground market, and examined the privacy threats that this trojan poses to its victims. Considering that Torpig has been around at least since 2006, isn't it time to finally get rid of it?"

3 of 294 comments

  1. uuh..yeah. by Anonymous Coward · Score: 5, Interesting

    Why don't they just send a self-destruct/uninstall command and kill it, or would that be too simple?

    1. Re:uuh..yeah. by phantomcircuit · Score: 4, Interesting

      Actually base64 and XOR is the obfuscation algorithm used for the configuration file. There is a separate encryption algorithm present that is entirely custom and which nobody has yet to break (although I'm guessing nobody has done a serious cryptanalysis either).

  2. Suggested punishment by rossz · Score: 4, Interesting

    How about we make the punishment for infecting a computer $100 and one day in jail for each system you infect. This way, someone who does something stupid but isn't actually malicious pays a few hundred dollars and spends a few days in jail while the real criminals pay big bucks and spend years in jail. For 180k systems, that's an eighteen million dollar fine and nearly five hundred years of jail time.

    Of course, the problem is catching these bastards who tend to live in countries where the government doesn't care or is actively involved in these illegal activities (I'm looking at you, Russia).

    --
    -- Will program for bandwidth