Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Chris Kruegel and Giovanni Vigna of the Security Group, Department of Computer Science, University of California, Santa Barbara, hacked into a botnet called Torpig.
Torpig gathers credit card, bank account and other sensitive data and sends it to criminals. The botnet had stolen 70 GB of data.
The security group took advantage of the open, decentralized nature of peer-to-peer to infiltrate it. Victims are infected by drive-by-download attacks.
The attackers use phishing sites and advertise them on Google, Facebook, MySpace and other popular sites. They also use email. To hijack the botnet, the researchers exploited a vulnerability in the way the malware generates the list of domains it contacts.
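A generated domain list is a weakness whenever it is deterministic: anyone who knows the algorithm can compute the same list in advance. The sketch below is an added example, not code from the researchers or from the malware; `toy_dga`, its weekly seed, the TLD list and the log format are constructed assumptions. It shows a defender precomputing the list and flagging matching DNS queries.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "biz")  # assumed suffixes for the toy generator

def toy_dga(day: date, count: int = 3) -> list[str]:
    """Constructed week-seeded generator; NOT Torpig's real algorithm."""
    iso_year, iso_week, _ = day.isocalendar()
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{iso_year}-{iso_week}-{i}".encode()).hexdigest()
        # Map the first 10 hex digits onto the letters a..p.
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:10])
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains

def watchlist(start: date, days: int) -> set[str]:
    """Every domain the generator will emit in the window [start, start+days)."""
    names: set[str] = set()
    for offset in range(days):
        names.update(toy_dga(start + timedelta(days=offset)))
    return names

def flag_queries(log_lines, domains):
    """Return (client, qname) for each query that hits the watchlist."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:  # skip malformed lines
            continue
        _, client, qname = parts
        qname = qname.rstrip(".").lower()  # normalise trailing dot and case
        if qname in domains:
            hits.append((client, qname))
    return hits

# Constructed sample resolver log: "<timestamp> <client> <queried name>".
SAMPLE_DAY = date(2009, 1, 26)
SAMPLE_LOG = [
    "2009-01-26T10:02:11Z 10.0.0.17 www.example.org.",
    f"2009-01-26T10:02:14Z 10.0.0.23 {toy_dga(SAMPLE_DAY)[0].upper()}.",
    "2009-01-26T10:02:20Z 10.0.0.23 mail.example.net.",
    "truncated-line",
]

if __name__ == "__main__":
    for client, name in flag_queries(SAMPLE_LOG, watchlist(SAMPLE_DAY, 7)):
        print(f"possible infected host {client} queried {name}")
```

The same precomputed list can feed a DNS blocklist or a resolver alert rule, so hosts are flagged before the week's domains are ever registered.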
Not becoming a victim in the first place is the most ideal situation, however. The researchers concluded that victims of botnets are usually those with poorly maintained machines and who choose “easily guessable” passwords. “This is evidence that the malware problem is fundamentally a cultural problem,” reads the report. “Even though people are educated and understand well concepts such as the physical security and the necessary maintenance of a car, they do not understand the consequences of irresponsible behavior when using a computer.” – Jacqui Chen