
Researchers from the University of California, Santa Barbara, have published a report after taking over a massive botnet called Torpig, aka Sinowal. The malware network was able to collect 56,000 passwords an hour as well as 70GB of financial and personal data.
The researchers found that most users reused passwords for multiple sites and that the malware was able to steal credit card numbers and bank logins. They were able to control the system for ten days before the malware was updated.
To crack the malware, the researchers noticed that the program would search for domains to attack. Sometimes the domains would be unregistered, and the researchers registered those domains and masqueraded as a control node.

So if you are a researcher, you can “legally” obtain 70GB of user data, financial information and passwords from victims who are unknowingly infected by a botnet?
Well shit. All hackers should just call themselves researchers from now on if it is apparently legal.
They should have had the botnet release its grip on thousands of innocent PCs. I think if researchers are able to take control they should be able to disband the botnet altogether.