Tech Time Warp

In 2009, researchers from the University of California, Santa Barbara, outsmarted the cybercriminals behind the notorious Torpig botnet. They uncovered critical knowledge about how this type of malware works. Learn how in this edition of Tech Time Warp.

Researchers first detected Torpig—also called ‘Sinowal’ and ‘Mebroot’—in 2007, and it targeted bank account and credit card information. During the researchers’ 10-day takeover of Torpig, they documented more than 180,000 infected devices and approximately 70 GB of stolen data, including 10,000 bank account and credit card numbers and other financial credentials. The researchers were able to nab 8,310 accounts from 410 different institutions. These included PayPal (1,770 accounts), Poste Italiane (765), Capital One (314), eTrade (304), and Chase (217).

Torpig spread via “drive-by downloading.” Hackers would install malicious code on a legitimate site, so avoiding the skeezier outposts of the internet wasn’t enough to stay safe: the URL looked fine, and the signs of correct SSL configuration were present. Torpig’s alias was “Mebroot” because the rootkit infected the master boot record (MBR). A three-part domain-generation algorithm told infected computers which centralized download server to contact each day, and one of its inputs was the second letter of the day’s top Twitter search term. At that server the machine became part of the botnet and was thereafter susceptible to remote control and data harvesting.
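The date-plus-trending-term scheme above is what let the researchers predict and register the rendezvous domains ahead of the botnet. The following added example (not code from the article, SmarterMSP or the UCSB researchers, and not Torpig’s real algorithm) uses a constructed generator with the same two ingredients to show the defender-side workflow: build a watchlist for a day once its trending term is known, then flag resolver log entries that look up one of those domains. The log format, the `sha256`-based label derivation and the sample IPs are all assumptions made for the example.

```python
import datetime
import hashlib

# Illustrative domain-generation scheme, constructed for this example.
# It is NOT Torpig's actual algorithm; it only mirrors the two inputs the
# article names: the calendar date and the second letter of a trending term.


def daily_domains(day_iso, trend_term, count=3, tld="com"):
    """Return the candidate rendezvous domains for one day (ISO date string)."""
    day = datetime.date.fromisoformat(day_iso)
    # Second letter of the trend term (index 1); fall back to 'a' for 1-char terms.
    letter = trend_term[1].lower() if len(trend_term) > 1 else "a"
    domains = []
    for i in range(count):
        seed = f"{day.isoformat()}|{letter}|{i}".encode()
        digest = hashlib.sha256(seed).hexdigest()
        # Turn the first 10 hex digits into a lowercase hostname label.
        label = "".join(chr(ord("a") + int(c, 16) % 26) for c in digest[:10])
        domains.append(f"{label}.{tld}")
    return domains


def build_watchlist(terms_by_day):
    """Defender side: given {ISO date: that day's trending term}, enumerate the
    domains the bots will use so they can be registered, sinkholed or
    blocklisted before the botnet rolls over to them."""
    watch = set()
    for day_iso, term in terms_by_day.items():
        watch.update(daily_domains(day_iso, term))
    return watch


def flag_queries(log_lines, watchlist):
    """Scan resolver log lines of the (assumed) form
    '<timestamp> <client_ip> <qname>' and return (client_ip, qname) for every
    lookup of a watch-listed domain. Matching is case-insensitive and ignores
    a trailing dot."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        client, qname = parts[1], parts[2].rstrip(".").lower()
        if qname in watchlist:
            hits.append((client, qname))
    return hits


if __name__ == "__main__":
    # The term is only known on the day itself, so the watchlist covers today.
    watch = build_watchlist({"2009-01-25": "inauguration"})
    # Constructed resolver log: one benign lookup, one lookup of a generated domain.
    sample_log = [
        "2009-01-25T10:00:00 192.0.2.10 www.example.com.",
        "2009-01-25T10:00:05 192.0.2.23 "
        + daily_domains("2009-01-25", "inauguration")[0] + ".",
    ]
    for client, qname in flag_queries(sample_log, watch):
        print(f"possible infected host {client} queried {qname}")
```

Because the trending term is not known in advance, the watchlist can only be built each day once the term is visible, which is exactly the daily race the article describes; once the botnet’s operators changed the binary and started registering first, this predict-and-register approach stopped working.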

Understanding the cultural roots of botnet vulnerabilities

The Torpig takeover ended when the hackers updated Torpig’s binary code and started beating the researchers to register domains for the day’s activities. The “good guys” had seen enough to come to a damning conclusion. They stated, “… the victims of botnets are users with poorly maintained machines that choose easily guessable passwords to protect access to sensitive sites.” This is evidence that the malware problem is fundamentally a cultural problem. Even though people are educated and understand concepts such as physical security and the necessary maintenance of a car, they often fail to grasp the consequences of irresponsible behavior when using a computer. This lack of understanding contributes to the vulnerability of their digital security.

Photo: totojang1977 / Shutterstock


Posted by Kate Johanns

Kate Johanns is a communications professional and freelance writer with more than 13 years of experience in publishing and marketing.
