How to Steal a Botnet and What Can Happen When You Do
Google Tech Talk, September 10, 2009
ABSTRACT
Presented by Richard A. Kemmerer.
Botnets, which are networks of malware-infected machines that are controlled by an adversary, are the root cause of a large number of security threats on the Internet. A particularly sophisticated and insidious type of bot is Torpig, which is a malware program that is designed to harvest sensitive information (such as bank account and credit card data) from its victims. In this talk, we report on our efforts to take control of the Torpig botnet for ten days. Over this period, we observed more than 180 thousand infections and recorded more than 70 GB of data that the bots collected.
While botnets have been hijacked before, the Torpig botnet exhibits certain properties that make the analysis of the data particularly interesting. First, it is possible (with reasonable accuracy) to identify unique bot infections and relate that number to the more than 1.2 million IP addresses that contacted our command and control server during the ten-day period. This shows that botnet estimates that are based on IP addresses are likely to report inflated numbers. Second, the Torpig botnet is large, targets a variety of applications, and gathers a rich and diverse set of information from the infected victims. This allowed us to perform interesting data analysis that goes well beyond simply counting the number of stolen credit cards. In this talk we will discuss the analysis that we performed on the data collected …
December 12th, 2009 at 3:04 pm
torpig, torpig.
Does what ever a torpig does.
December 12th, 2009 at 3:22 pm
LOL
January 1st, 2010 at 5:20 pm
I steal ppls bots day n night’ yo.
January 4th, 2010 at 12:08 pm
Nice small video u got there lol
January 12th, 2010 at 11:06 pm
maybe we should go back in time and kill the guy that invented the virus
January 20th, 2010 at 8:53 am
The porn sites
Innocent victims.
onto the legitimate sites
ROFL!!
January 24th, 2010 at 9:38 pm
I would be interested to hear the statistics regarding OS version / browser type that were gathered from this experiment?
January 26th, 2010 at 6:39 am
None are Apple.
January 26th, 2010 at 2:01 pm
@justinaurelius Inside knowledge?….
)
or just Blind FanBoy Faith
Seriously though, the weak password, poor maintenance type user, easily caught by this sort of crap, is bound to bias the stats towards Windows/IE but it would be interesting to know if there were any Linux or Apple bots.
January 26th, 2010 at 4:58 pm
I’ve done research, there was one recent attempt at getting a trojan onto an Apple – via a pirated version of Photoshop.
Beyond that – nothing.
As for fanboy – there are more obnoxious ‘dozer fanbois than Apple. Nothing will beat ‘nix when it comes to security.
January 30th, 2010 at 1:40 pm
just a little video
January 31st, 2010 at 9:56 pm
very interesting talk, thanks
February 7th, 2010 at 6:57 am
Botnets are a little too INSANE, I steer the fuck clear of those..
February 24th, 2010 at 10:08 am
Very nice stuff.
March 3rd, 2010 at 3:00 pm
I know the guy who got the “Main computer”
It’s lots of computers millions locked up on it
March 14th, 2010 at 4:44 pm
Very informative
April 6th, 2010 at 11:04 am
Very informative, you must’ve been nervous as hell before giving this speech lol
April 12th, 2010 at 4:29 am
hmmcant seem to find a man who ill treat me like a princess
May 7th, 2010 at 11:54 pm
Wow. These fucking coders are damn good. Hahaha. Wow! That bot must have taken forever to build!
May 8th, 2010 at 5:04 pm
the bin size must of been over 9000
May 15th, 2010 at 5:32 am
the same people that fight it build it. believe that
May 22nd, 2010 at 8:19 pm
nice. but it’s funny that google doesn’t offer their speakers the option to use a remote slide advancer.
June 8th, 2010 at 4:22 am
big and bob
June 18th, 2010 at 7:34 am
@ESX888 there’s an app for that, but they won’t use it.
June 21st, 2010 at 8:03 pm
your videos are very long but pretty informative i like them =)