Hijacked botnet exposes startling online habits
By Stuart Turton
Posted on 5 May 2009 at 14:04
Researchers who hijacked a botnet for ten days earlier this year have revealed some startling information about the online habits of its victims.
In a research paper, the team from the University of California Santa Barbara explained how they took control of the Torpig botnet for ten days by exploiting a weakness in the way it contacts its command and control (C&C) server.
Torpig bots generate a list of candidate domains, with the C&C server hidden among them. Each bot then works through the list until it finds a valid control server, and only then begins to download instructions.
However, not all of the domains the botnet generates are registered. By cracking the algorithm the botnet uses to generate these domains, the team were able to register their own servers at domains the bots would try in future. Then, when the bots came calling for new instructions, the researchers simply identified themselves as the C&C server.
This tactic allowed them to hijack the botnet for ten days before the next update cut them off.
In that time, the researchers gathered some startling data. In all, they counted more than 180,000 infected PCs and collected 70GB of information, including passwords and credit-card details.
More worryingly, also among the information obtained were the login details for 8,310 accounts at 410 financial institutions, including PayPal and Capital One.
The team also discovered that 28% of Torpig's victims reused their logins and passwords to access a total of 368,501 websites, making it a simple matter for scammers to break even further into their lives.
Through keyloggers and snooping software the botnet also recorded hundreds of email, forum and chat messages which "often contain detailed (and private) descriptions of the lives of their authors."
The paper claims that by analysing 6,542 messages, the team discovered that "the victims of Torpig prepare for exams and worry about grades (5% of the messages), look for professional advice from doctors and lawyers (1%), play video games (2%), seek jobs and submit resumes (14%), are sport fans (6%), discuss money (7%), trade goods online (4%), exchange insults (0.1%) and look for sex or partners online (4%)."
The team notes that the majority of Torpig's victims had been compromised due to poorly patched software and "easily guessable passwords".
"Even though people are educated and understand well concepts such as the physical security and the necessary maintenance of a car, they do not understand the consequences of irresponsible behaviour when using a computer," it concludes.
Following the outrage over the decision to purchase a 22,000-machine botnet to highlight the risks of malware, the idea of researchers rooting through stolen personal data from over 180,000 machines seems unlikely to impress privacy advocates.