

Let's hijack a botnet and see what we get: 1 million IPs, 100k bots, 70GB of data - agotterer
http://themomoblog.com/latest-on-torpig-banking-trojan.htm

======
antimatter15
Looking at the other posts on this blog, there's clearly something fishy going
on. The source code uses some blackhat SEO and I could find an identical
article [http://www.articlesbase.com/small-business-
articles/latest-o...](http://www.articlesbase.com/small-business-
articles/latest-on-torpig-banking-trojan--908089.html) (though I doubt that
one's original either) that dates to 1.5 years earlier.

Someone should delete this link (or at least rel=nofollow it) now, because the
fact that Hacker News is linking to this promotes that issue with SEO baiters
taking over Google.

~~~
agotterer
Sorry everyone. Read the article and thought it was interesting. I'm not
associated with this site. If anyone has the original link, please post it so
a mod can update.

~~~
Dylan16807
Throwing torpig and one of the numbers from the article into a search gets a
likely source.

[http://news.softpedia.com/news/Researchers-Peak-Inside-
the-T...](http://news.softpedia.com/news/Researchers-Peak-Inside-the-Torpig-
Trojan-Infrastructure-110768.shtml)

Not quite as entertaining, though, without the line "In under 75 summary, thе
program wаѕ аblе tο renovate уουr health 40% through dictionary attacks."

------
raphman
FWIW: The original paper is from 2009 and can be downloaded at
<http://www.cs.ucsb.edu/~seclab/projects/torpig/>

edit: <http://news.ycombinator.com/item?id=593246>

------
wingo
"Let's run an article through a computer translator and back and see what we
get..."

~~~
qjz
What is the story behind the source code at that site? It looks like letters
have been randomly replaced by look-alike HTML entities, but to what end?

~~~
cyanbane
Would it throw off AdSense, making other terms stand out?

~~~
Nycto
I was thinking they were trying to fool duplicate content detection
algorithms. Make it look unique and you might get higher search engine
ranking.

~~~
ddemchuk
That's exactly what they're doing; this is most likely an autoblog. It's an
older content spam technique that works surprisingly well.

------
dotBen
I'm wondering what the legal and ethical stances are on accessing botnets?

Technically, the researchers didn't "hack" into the infected computers because
they registered a domain they calculated would be next up on their flux algo.

But nonetheless, they were receiving all kinds of sensitive.

Finally, I also wonder whether they didn't shut down the botnet (or change the
flux algo, to prevent the gang regaining control)?

~~~
jeza
The article mentions that the botnet's owners regained control after ten days.
So it seems they did not get the chance to destroy it.

