Thread: Windows reality - The Torpig botnet and LOTS of others out here
View Single Post
  #1  
Old May 7th 09, 07:27 AM posted to microsoft.public.win98.gen_discussion
MEB[_17_]
External Usenet User
  
Posts: 1,830
Default Windows reality - The Torpig botnet and LOTS of others out here

Yet another botnet is hacked from the outside, this one uses the boot
record/MBR to store the hack to take over Windows computers.

http://www.theregister.co.uk/2008/10...anking_trojan/

One Sinowal Trojan + One Gang = Hundreds of Thousands of Compromised
Accounts
http://www.rsa.com/blog/blog_entry.aspx?id=1378

Botnet hijack: Researchers dissect Torpig malware operation
http://threatpost.com/blogs/botnet-h...ware-operation

UC Santa Barbara
http://www.cs.ucsb.edu/~seclab/proje...pig/index.html

Analysis of Sinowal
http://web17.webbpro.de/index.php?pa...sis-of-sinowal
MEB NOTE: this hack has changed over time [its been around for around
four years or so], thinking it works in only one OS or group of OSs is
NOT a reasonable approach to inhibiting its expansion. The reason WHY is
it happens to be extremely successful and extremely difficult to detect
and remove. Numerous variants now exist.

Antivirus tools try to remove Sinowal/Mebroot
http://windowssecrets.com/2008/11/26...inowal-Mebroot

MBR/Mebroot/Sinowal/Torpig is back – better than ever
http://www.trustdefender.com/blog/20...ter-than-ever/

File eyu4vh.exe received on 01.05.2009 05:30:58 (CET)
http://www.virustotal.com/analisis/f...e7b6f1ead6bcec
MEB NOTE: the hack can be in several different forms, the above shows
one variant.

http://securityorb.com/blog/?cat=32

http://www.eweek.com/c/a/Security/MS...tack-Reloaded/

Storm Botnet Is Behind Two New Attacks
http://it.slashdot.org/it/07/08/26/1558245.shtml

Power Point 5 - botnets - PDF
http://www.cs.utexas.edu/~yzhang/tea...lides/5-10.pdf



--
~
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Diagnostics, Security, Networking
http://peoplescounsel.org
The *REAL WORLD* of Law, Justice, and Government
_______