Tuesday, May 5, 2009

Taking Over The Torpig Botnet - Report

Researchers at the University of California, Santa Barbara have published a report on their ten-day takeover of the Torpig (a.k.a. Sinowal, Anserin) botnet, which took place at the beginning of 2009. Over this period, they observed more than 180 thousand infections and recorded more than 70 GB of data that the bots collected.

The collected data included, for example, over 1,200,000 Windows passwords, over 54,000 mailbox account items and nearly 12,000,000 form data items, that is, the content of HTML forms submitted via POST requests by the victim’s browser.

Even more serious, Torpig obtained the credentials of over 8,310 accounts at 410 different financial institutions and 1,660 unique credit and debit card numbers.

"Quantifying the value of the financial information stolen by Torpig is an uncertain process because of the characteristics of the underground markets where it may end up being traded. A report by Symantec indicated (loose) ranges of prices for common goods and, in particular, priced credit cards between $0.10–$25 and bank accounts from $10–$1,000. If these figures are accurate, in ten days of activity, the Torpig controllers may have profited anywhere between $83k and $8.3M"

The complete report can be found here.
