Skip to main content

Spread of the Torpig Flu

The Computer Security Group at UCSB recently released a report, "Your Botnet is My Botnet: Analysis of a Botnet Takeover", in which the authors hijacked the Torpig botnet for 10 days (basically by registering a fake command and control server that the infected machines contacted). This is a fascinating read and highly recommended.

The report is downright scary. The sophistication and reach of the Torpig botnet is remarkable. It installs modules into many common applications (Web browsers, email clients, IM clients) and steals information including passwords, email account information, credit card numbers, and the content of any Web form filled out by a user. This latter is noteworthy as it includes a tremendous amount of sensitive information, including the content of emails that have been sent by users on infected hosts. The authors of the report went so far as to inspect some of the content captured by the botnet and found nearly 300,000 username/password pairs; credentials for some 8,000 bank accounts; and 1,600 credit card accounts. This information was captured from 180,000 infected machines, and it's worth keeping in mind this is only in the span of ten days.

Another remarkable aspect of Torpig is that in most cases the user would have no idea this information was being captured. Since the botnet hides itself deep into the lowest levels of the system software, even information sent to trusted websites over secure SSL connections can be stolen by the botnet.

I don't tend to follow malware developments very closely, but this is a pretty big departure from the days of Code Red -- defacing websites seems fairly pedestrian compared to Torpig, which is capable of global scale information theft (not to mention financial mayhem). Should I feel safe because I only use Mac and Linux machines?



Comments

Popular posts from this blog

Why I'm leaving Harvard

The word is out that I have decided to resign my tenured faculty job at Harvard to remain at Google. Obviously this will be a big change in my career, and one that I have spent a tremendous amount of time mulling over the last few months.

Rather than let rumors spread about the reasons for my move, I think I should be pretty direct in explaining my thinking here.

I should say first of all that I'm not leaving because of any problems with Harvard. On the contrary, I love Harvard, and will miss it a lot. The computer science faculty are absolutely top-notch, and the students are the best a professor could ever hope to work with. It is a fantastic environment, very supportive, and full of great people. They were crazy enough to give me tenure, and I feel no small pang of guilt for leaving now. I joined Harvard because it offered the opportunity to make a big impact on a great department at an important school, and I have no regrets about my decision to go there eight years ago. But m…

Rewriting a large production system in Go

My team at Google is wrapping up an effort to rewrite a large production system (almost) entirely in Go. I say "almost" because one component of the system -- a library for transcoding between image formats -- works perfectly well in C++, so we decided to leave it as-is. But the rest of the system is 100% Go, not just wrappers to existing modules in C++ or another language. It's been a fun experience and I thought I'd share some lessons learned.

Why rewrite?

The first question we must answer is why we considered a rewrite in the first place. When we started this project, we adopted an existing C++ based system, which had been developed over the course of a couple of years by two of our sister teams at Google. It's a good system and does its job remarkably well. However, it has been used in several different projects with vastly different goals, leading to a nontrivial accretion of cruft. Over time, it became apparent that for us to continue to innovate rapidly wo…

Running a software team at Google

I'm often asked what my job is like at Google since I left academia. I guess going from tenured professor to software engineer sounds like a big step down. Job titles aside, I'm much happier and more productive in my new role than I was in the 8 years at Harvard, though there are actually a lot of similarities between being a professor and running a software team.

I lead a team at Google's Seattle office which is responsible for a range of projects in the mobile web performance area (for more background on my team's work see my earlier blog post on the topic). One of our projects is the recently-announced data compression proxy support in Chrome Mobile. We also work on the PageSpeed suite of technologies, specifically focusing on mobile web optimization, as well as a bunch of other cool stuff that I can't talk about just yet.

My official job title is just "software engineer," which is the most common (and coveted) role at Google. (I say "coveted&quo…