Sergeant John’s 3-D Chiller House of Terror!

No Handball Playing In This Area

While You Were Sleeping

Posted on | May 14, 2009

Infected computers misbehave, sure, but have you ever wondered who’s running them? UC Santa Barbara managed a catch-and-release field analysis of the tech behind the compromising of a lot of our machines:

In a recent paper, the researchers describe how they “hijacked” the command-and-control system of a botnet known as Torpig or Sinowal and held on to control for ten days, enough time to get a pretty good understanding of its crimes and how extraordinarily difficult it will be to ever shut it down.

A botnet is a network of PCs that have been infected with malicious programs that put them under the control of crooks, unbeknownst to the owners. The UCSB researchers discovered that Torpig commanded more than 180,000 Windows computers, about 65% on cable or DSL connections likely in the homes of average people like you and me.

Botnets are believed to be used mainly by organized crime groups to send spam, attack and shut down Web sites with floods of traffic, or steal personal data like financial-account information and passwords.

The UCSB researchers saw this and more. Torpig vacuumed up email-address and password pairs as well as information on 8,310 accounts at 410 institutions, including PayPal, Poste Italiane, Capital One, E*Trade, Chase and various social-networking sites. It staged phishing attacks to trick the PC owners into handing over even more sensitive information by serving up very legitimate-looking, but fake, e-commerce Web sites. Of course, the researchers turned over the ten-day haul to the authorities so victims could be notified.

If that isn’t bad enough, Torpig also invaded its victims’ privacy by collecting emails they send. A sample of about 6,500 English messages showed “the victims of Torpig prepare for exams and worry about grades (5% of the messages), look for professional advice from doctors and lawyers (1%), play video games (2%), seek jobs and submit resumes (14%), are sport fans (6%), discuss money (7%), trade goods online (4%), exchange insults (0.1%), and look for sex or partners online (4%),” according to the report. Some 10% indicated concern about online security, but few suspected an actual infection.

That’s what you’re defending against. If your own computer is connected to the Internet—or ever has been—then wrap that rascal!
