
How to Steal a Botnet and What Can Happen When You Do


Uploaded on Sep 21, 2009

Google Tech Talk
September 10, 2009

ABSTRACT

Presented by Richard A. Kemmerer.

Botnets, which are networks of malware-infected machines that are controlled by an adversary, are the root cause of a large number of security threats on the Internet. A particularly sophisticated and insidious type of bot is Torpig, which is a malware program that is designed to harvest sensitive information (such as bank account and credit card data) from its victims. In this talk, we report on our efforts to take control of the Torpig botnet for ten days. Over this period, we observed more than 180 thousand infections and recorded more than 70 GB of data that the bots collected.

While botnets have been hijacked before, the Torpig botnet exhibits certain properties that make the analysis of the data particularly interesting. First, it is possible (with reasonable accuracy) to identify unique bot infections and relate that number to the more than 1.2 million IP addresses that contacted our command and control server during the ten day period. This shows that botnet estimates that are based on IP addresses are likely to report inflated numbers. Second, the Torpig botnet is large, targets a variety of applications, and gathers a rich and diverse set of information from the infected victims. This allowed us to perform interesting data analysis that goes well beyond simply counting the number of stolen credit cards. In this talk we will discuss the analysis that we performed on the data collected and the lessons learned from the analysis, as well as from the process of obtaining (and losing) the botnet.

Category: Science & Technology

License: Standard YouTube License


Top Comments

  • Flux Pavilion brought you here, didn't he?

  • nice. but it's funny that google doesn't offer their speakers the option to use a remote slide advancer.


All Comments (111)

  • what is this? i got here by watching card counting videos lol

  • @m200Satan Your comments make sense. I was surprised when I found out about cookies, and then followed up and found, a security company, among others and sites I had visited infrequently had cookies in my computer. My understanding is these cookies are not secure, hold abundant info, perhaps the people developing them and installing them, have little technical expertise to protect them?, or perhaps no desire? I don't know what I agreed to in that 200 pg. document (lol).

  • @crayonplane The only reason nothing is done about hackers is so antivirus companies can make money. Antivirus programs are pretty much useless. The average computer user doesn't have access to most of the bots on the web; the average user only has access to the FUD bots, or "Fully Undetectable", which means your AV can't detect it. AV is a money whoring program to scare people; most are viruses themselves.

  • sometimes it's hackers vs hackers lols

  • @ReadThisCommentOrDie No, the guys in #bread did.

  • @stolendata And the other 5% are elitist faggots that think they're somehow better.

  • i watched the whole video :)

  • What is the point of paying for internet security? Obviously, if these guys want this computer, they will be getting it.
