Here is a one hour video lecture from Google about botnet attacks and phising scams using mebroot rootkit(A rootkit is a software program or coordinated set of programs designed to gain control over a computer system or network of computing systems without being detected.). I request my members to go through such video lecture to gain knowledge about this intelligent threat. As of November 2008 torpig botnet attack has been responsible for stealing the details of about 500,000 online bank accounts and credit and debit cards and is described as “one of the most advanced pieces of crimeware ever created”
Botnets, which are networks of malware-infected machines that are controlled by an adversary, are the root cause of a large number of security threats on the Internet. A particularly sophisticated and insidious type of bot is Torpig, also known as Sinowal or Anserin (mainly spread together with Mebroot rootkit), is a type of botnet spread by a variety of trojan horses which can affect computers that use Microsoft Windows. Torpig circumvents anti-virus applications through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer. In this talk, we report on our efforts to take control of the Torpig botnet for ten days. Over this period, we observed more than 180 thousand infections and recorded more than 70 GB of data that the bots collected.
While botnets have been hijacked before, the Torpig botnet exhibits certain properties that make the analysis of the data particularly interesting. First, it is possible (with reasonable accuracy) to identify unique bot infections and relate that number to the more than 1.2 million IP addresses that contacted our command and control server during the ten day period. This shows that botnet estimates that are based on IP addresses are likely to report inflated numbers. Second, the Torpig botnet is large, targets a variety of applications, and gathers a rich and diverse set of information from the infected victims. This allowed us to perform interesting data analysis that goes well beyond simply counting the number of stolen credit cards. In this talk we will discuss the analysis that we performed on the data collected and the lessons learned from the analysis, as well as from the process of obtaining (and losing) the botnet.