Torpig, also known as Sinowal or Anserin (mainly spread together with Mebroot rootkit), is a type of botnet spread by a variety of trojan horses which can affect computers that use Microsoft Windows. Torpig circumvents anti-virus applications through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer.
As of November 2008 it has been responsible for stealing the details of about 500,000 online bank accounts and credit and debit cards and is described as "one of the most advanced pieces of crimeware ever created".[1]
In early 2009, a team of security researchers from University of California, Santa Barbara took control of the botnet for ten days. During that time, they extracted an unprecedented amount (over 70GB) of stolen data and redirected 1.2 million Ip's on to their private comand and control server. The report[2] goes into great detail about how the botnet operates.
See also
- mebroot
- Drive-by download
- Phishing
- Man in the Browser
- Conficker a worm that also uses domain name generation (or domain flux)
- Timeline of computer viruses and worms
References
External links
- One Sinowal Trojan + One Gang = Hundreds of Thousands of Compromised Accounts by RSA FraudAction Research Lab, October 2008
- Don't be a victim of Sinowal, the super-Trojan by Woody Leonhard, WindowsSecrets.com, November 2008
- Antivirus tools try to remove Sinowal/Mebroot by Woody Leonhard, WindowsSecrets.com, November 2008
- Taking over the Torpig botnet, UCSB, April 2009
- Torpig Botnet Hijacked and Dissected covered on Slashdot, May 2009
- How to Steal a Botnet and What Can Happen When You Do by Richard A. Kemmerer, GoogleTechTalks, September 2009