Every 60 seconds 47,000 applications are downloaded off the internet! Evidently, most of us don't think twice about downloading a song, widget, app, image or even malware. Downloading is so second nature to us that a popular phishing scheme thrives on our carefree downloading reflex. Say hello to Torpig.
A "drive-by download" is when a website suddenly prompts you to do something, such as a "click here to close this ad." Many unsuspecting web surfers simply hit yes. Distributed mainly by drive-by download, the Torpig (or Sinowal) Trojan packs quite a punch.
Torpig can be tracked all the way back to 2006 but experienced its heyday in 2009 when researchers at the University of California, Santa Barbara cut it open to see all the moving parts. The Torpig Trojan has had many variations over the years but in its most nefarious form it is silent until called. By lodging itself in your Windows boot sequence it gains control over nearly every corner of your computer. Once it has infected your system, it is able to perform man in the browser attacks, lift your banking credentials, and relay information back to a command and control server.
"[It] is considered by security experts to be the most insidious and sophisticated piece of malware ever created. It hides below the operating systems, controls applications, and morphs all the time." - Michael Kassner
Torpig has been used extensively in capturing financial information for its victims. Because it experiences periodic updates, our labs see periodic resurgence of this botnet as it phishes for its next pay day.
For more information on Torpig and the botnets monitored 24/7 by our FortiGuard Labs team visit http://www.fortiguard.com/botnet