Analysis of a Botnet Takeover
January/February 2011 (vol. 9 no. 1)
pp. 64-72
Brett Stone-Gross, University of California, Santa Barbara
Marco Cova, University of California, Santa Barbara
Bob Gilbert, University of California, Santa Barbara
Richard Kemmerer, University of California, Santa Barbara
Christopher Kruegel, University of California, Santa Barbara
Giovanni Vigna, University of California, Santa Barbara
Botnets, networks of malware-infected machines (bots) that are controlled by an adversary, are the root cause of a large number of security problems on the Internet. A particularly sophisticated and insidious type of bot is Torpig, a malware program designed to harvest sensitive information (such as bank account and credit-card data) from its victims. In this article, the authors report on their efforts to take control of the Torpig botnet and study its operations for a period of 10 days. During this time, they observed more than 180,000 infections and recorded almost 70 Gbytes of data that the bots collected. They also report on what happened in the year that has passed since they lost control of the Torpig botnet.


Index Terms:
botnets, malware, malware analysis
Citation:
Brett Stone-Gross, Marco Cova, Bob Gilbert, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna, "Analysis of a Botnet Takeover," IEEE Security & Privacy, vol. 9, no. 1, pp. 64-72, Jan.-Feb. 2011, doi:10.1109/MSP.2010.144