Botnets, networks of malware-infected machines (bots) that are controlled by an adversary, are the root cause of a large number of security problems on the Internet. A particularly sophisticated and insidious type of bot is Torpig, a malware program designed to harvest sensitive information (such as bank account and credit-card data) from its victims. In this article, the authors report on their efforts to take control of the Torpig botnet and study its operations for a period of 10 days. During this time, they observed more than 180,000 infections and recorded almost 70 Gbytes of data that the bots collected. They also report on what happened in the year that has passed since they lost control of the Torpig botnet.
@article{Stone-Gross2011Analysis_of,
title = {{Analysis of a Botnet Takeover}},
author = {Stone-Gross, Brett and Cova, Marco and Gilbert, Bob and Kemmerer, Richard and Kruegel, Christopher and Vigna, Giovanni},
month = {January},
year = {2011},
issn = {1540-7993},
journal = {IEEE Security Privacy},
number = {1},
pages = {64--72},
volume = {9}
}