UCSB researchers hijack Torpig botnet

Researchers from the University of California took control of the Torpig botnet

A group of researchers recently hijacked and dissected a major botnet in an effort to better understand the workings of cyber crime.

The researchers from the University of California, Santa Barbara were able to take over the 'Torpig' botnet and observe the data collected by the malware over the course of 10 days.

In that time, the researchers estimate that they collected some 70GB of uploaded information from roughly 180,000 infected machines. The harvested information included bank details and system information.

The researchers said that the key to hijacking the botnet was to take advantage of the malware's "domain flux" component, which generates a list of possible command servers to contact.

By cracking the algorithm used to generate the domains, the researchers were able to guess possible future domains and set up a phony command server.

Once the botnet was hijacked, the researchers spent 10 days observing and gathering information, and were able to make several interesting observations.

In particular, the researchers noted that, although just 180,000 systems had been infected, more than 1.2 million IP addresses were logged. This calls in to question the accuracy of measuring the size of botnets by number of IP addresses.

The researchers also found that Torpig collects far more than just bank and credit card details. Data uploaded to the command server included user login credentials and email account data, suggesting that the botnet could also be used for spam runs.

In analysing the infected machines, researchers found that Torpig, like most malware, primarily preys on poorly-patched machines and lax security practices to build the botnet.

"This is evidence that the malware problem is fundamentally a cultural problem," wrote the researchers.

"Even though people are educated and understand concepts such as the physical security and the necessary maintenance of a car, they do not understand the consequences of irresponsible behaviour when using a computer."