Botnet plunders 70GB of personal and financial data in 10 days

Researchers from the University of California managed to hack into the command-and-control network used by hackers to manage an 180,000 strong botnet. In the short 10 days that they had access to the Torpig botnet, they observed some 70GB of personal and financial data being plundered from compromised machines.

Some of the data that the botnet targets are the user names and passwords from standard email clients such as Outlook, Thunderbird and Eudora. What's more, email addresses were simultaneously collected for distribution to spammers.

What is scarier is how the Torpig botnet has been specifically designed to do a data grab when users visit certain websites, such as PayPal, E-Trade and Chase bank (to name a few of the 300 websites spied upon). It can also deliver a falsified data-collection form when a user attempts to bank online, which prompts users for additional data not normally requested, such as a PIN or credit card number. It can also collect passwords stored in web browsers.

While the researchers are now working with law enforcement agencies and ISPs to notify victims, this news is a sobering reminder to exercise perpetual vigilance against security threats. In the context of such data mining malware, the only acceptable security for online banking would be two-factor authentication.

For more on this story:
- check out this article at Computerworld

Related Articles:
Botnets getting harder to find and fight
New botnet targets home routers and modems
Botnet mastermind sentenced to four years
New anti-virus software from Panda scans in the clouds