Torpig
Torpig, also known as Sinowal or Anserin (mainly spread together with the Mebroot rootkit), is a type of botnet spread by a variety of trojan horses which can affect computers that use Microsoft Windows. Torpig circumvents anti-virus applications through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer.

As of November 2008 it has been responsible for stealing the details of about 500,000 online bank accounts and credit and debit cards and is described as "one of the most advanced pieces of crimeware ever created".

In early 2009, a team of security researchers from the University of California, Santa Barbara took control of the botnet for ten days. During that time, they extracted an unprecedented amount (over 70 GB) of stolen data and redirected 1.2 million IPs to their private command and control server. The report goes into great detail about how the botnet operates.

See also

  • Mebroot
  • Drive-by download
  • Phishing
  • Man in the Browser
  • Conficker, a worm that also uses domain name generation (or domain flux)
  • Timeline of computer viruses and worms

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 