Issue No. 01 - January/February (2011 vol. 9)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.144
Brett Stone-Gross , University of California, Santa Barbara
Marco Cova , University of California, Santa Barbara
Bob Gilbert , University of California, Santa Barbara
Richard Kemmerer , University of California, Santa Barbara
Christopher Kruegel , University of California, Santa Barbara
Giovanni Vigna , University of California Santa Barbara
Botnets, networks of malware-infected machines (bots) that are controlled by an adversary, are the root cause of a large number of security problems on the Internet. A particularly sophisticated and insidious type of bot is Torpig, a malware program designed to harvest sensitive information (such as bank account and credit-card data) from its victims. In this article, the authors report on their efforts to take control of the Torpig botnet and study its operations for a period of 10 days. During this time, they observed more than 180,000 infections and recorded almost 70 Gbytes of data that the bots collected. They also report on what happened in the year that has passed since they lost control of the Torpig botnet.
botnets, malware, malware analysis
M. Cova, R. Kemmerer, G. Vigna, C. Kruegel, B. Gilbert and B. Stone-Gross, "Analysis of a Botnet Takeover," in IEEE Security & Privacy, vol. 9, no. , pp. 64-72, 2010.