Security researchers claim that they have uncovered crucial information on the workings of one of the world’s biggest botnets after hijacking as much as 70GB of data in just 10 days.
The information has allowed researchers to discover key details on the workings of the notorious Torpig botnet, a network of zombie computers used to collect sensitive user information such as credit card details and login information.
Within the data, researchers found more than 297,000 unique login credentials (defined as a username and password pair) from 52,540 unique machines infected with the Torpig virus. More than 8,200 of these were for Google profiles whilst login credentials for Facebook, Myspace, Yahoo and Italian ISP Alice also featured prominently.
To capture the information, the Torpig virus attaches itself to programmes such as Mozilla Thunderbird, Skype, Microsoft Outlook, ICQ, Internet Explorer and Firefox. After monitoring keystrokes, the malware automatically uploads new data to servers controlled by the authors eery 20 minutes. Researchers also found that due to the discreet way in which it operates, Torpig is able to capture information before it is encrypted by secure socket layer (SSL).
The report also highlighted a notable lax attitude towards password security from the users of infected machines, with 28% of users using the same login credentials for several sites or services. The authors of the report suggested that users were not taking enough steps to prevent themselves from malware, such as secure passwords or updated antivirus software.
“The victims of botnets are users with poorly maintained machines that choose easily guessable passwords to protect access to sensitive sites,” stated the report. “This is evidence that the malware problem is fundamentally a cultural problem.
“Even though people are educated and understand well concepts such as the physical security and the necessary maintenance of a car, they do not understand the consequences of irresponsible behaviour when using a computer. Therefore, in addition to novel tools and techniques to combat botnets and other forms of malware, it is necessary to better educate the Internet citizens so that the number of potential victims is reduced.
