Torpig
From Wikipedia, the free encyclopedia
Torpig, also known as Sinowal or Anserin (mainly spread together with the Mebroot rootkit), is a type of botnet spread by a variety of Trojan horses that can affect computers running Microsoft Windows. Torpig circumvents anti-virus applications through the use of rootkit technology and mines the infected system for credentials, accounts and passwords, while potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer.
As of November 2008, it had been responsible for stealing the details of about 500,000 online bank accounts and credit and debit cards, and it has been described as "one of the most advanced pieces of crimeware ever created".[1]
In early 2009, a team of security researchers from UCSB took control of the botnet for ten days. During that time, they extracted an unprecedented amount (over 70 GB) of stolen data. Their report[2] goes into great detail about how the botnet operates.
References
- [1] BBC News: Trojan virus steals bank info
- [2] UCSB Torpig report
See also
- Mebroot
- Drive-by download
- Phishing
- Man in the Browser
- Conficker, a worm that also uses domain name generation (or domain flux)
- Timeline of computer viruses and worms
External links
- One Sinowal Trojan + One Gang = Hundreds of Thousands of Compromised Accounts by RSA FraudAction Research Lab, October 2008
- Don't be a victim of Sinowal, the super-Trojan by Woody Leonhard, WindowsSecrets.com, November 2008
- Antivirus tools try to remove Sinowal/Mebroot by Woody Leonhard, WindowsSecrets.com, November 2008
- Taking over the Torpig botnet, UCSB, April 2009
- Torpig Botnet Hijacked and Dissected covered on Slashdot, May 2009