Torpig

Source: Wikipedia, the free encyclopedia.

Torpig, also known as Anserin or Sinowal, is a type of

zombies for the botnet. Torpig circumvents antivirus software through the use of rootkit technology and scans the infected system for credentials, accounts and passwords, and can potentially give attackers full access to the computer. It is also purportedly capable of modifying data on the computer, and can perform man-in-the-browser attacks.

By November 2008, it was estimated that Torpig had stolen the details of about 500,000 online bank accounts and credit and debit cards and was described as "one of the most advanced pieces of crimeware ever created".[1]

History

Torpig reportedly began development in 2005, evolving from that point to more effectively evade detection by the host system and antivirus software.[2]

In early 2009, a team of security researchers from the University of California, Santa Barbara took control of the botnet for ten days. During that time, they extracted an unprecedented amount (over 70 GB) of stolen data and redirected 1.2 million IPs to their private command and control server. The report[3] goes into great detail about how the botnet operates. During the UCSB research team's ten-day takeover of the botnet, Torpig was able to retrieve login information for 8,310 accounts at 410 different institutions, and 1,660 unique credit and debit card numbers from victims in the U.S. (49%), Italy (12%), Spain (8%), and 40 other countries, including cards from Visa (1,056), MasterCard (447), American Express (81), Maestro (36), and Discover (24).[4]

Operation

Initially, a great deal of Torpig's spread was attributable to

Master Boot Record (MBR), the trojan will restart the computer.[2]

During the main stage of the infection, the malware will upload information from the computer twenty minutes at a time, including financial data like credit card numbers and credentials for banking accounts, as well as e-mail accounts, Windows passwords, FTP credentials, and POP/SMTP accounts.[4]

References

  1. ^ BBC News: Trojan virus steals bank info
  2. ^ a b Carnegie Mellon University. "Torpig". Archived from the original on 19 May 2015. Retrieved 25 July 2015.
  3. ^ UCSB Torpig report
  4. ^ ZDNet. Archived from the original on 1 August 2015. Retrieved 1 August 2015.

This page is based on the copyrighted Wikipedia article: Torpig. Articles are available under the CC BY-SA 3.0 license; additional terms may apply.