Taking over the torpig botnet
november 13th, 2009
In this paper, we report on our efforts to take control of the Torpig botnet and study its operations for a period of ten days. During this time, we observed more than 180 thousand infections and recorded almost 70 GB of data that the bots col- lected. While botnets have been “hijacked” and studied previously, the Torpig botnet exhibits certain properties that make the analysis of the data particularly interesting. First, it is possible (with rea- sonable accuracy) to identify unique bot infections and relate that number to the more than 1.2 million IP addresses that contacted our command and control server.
The paper may be downloaded at http://www.cs.ucsb.edu/%7Eseclab/projects/torpig/torpig.pdf
Twitter highlights
RT @areusecure Link to the #SANS #Computer #forensics #challenge (no 6). http://computer-forensics.sans.org/challenges/: Link to the #...3 months ago from twitterfeed
Link to the #SANS #Computer #forensics #challenge (no 6). http://computer-forensics.sans.org/challenges/3 months ago from Twitter for iPhone
Woke up 7am with baby Edwin kicking and clinging to my face. Work this morning. I've sent my entry to the #SANS Forensic/Malware competition3 months ago from Twitter for iPhone
Work Work Work! Maltego 3 is released today (http://paterva.com/maltego). Have to find the time to play with it later this evening. #maltego3 months ago from Twitter for iPhone
Google Chrome, not secure after all.. pwned! http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html3 months ago from Twitter for iPhone
@mubix Thanks, I replied a couple of minutes ago. Interesting stuff.3 months ago from Twitter for iPhone
RT @areusecure: Final release of OllyDbg 2.0! http://ollydbg.de/version2.html3 months ago from UberTwitter