Researchers from the University of California, Santa Barbara, have published a report after taking over a massive botnet called Torpig, aka Sinowal. The malware network was able to collect 56,000 passwords an hour as well as 70GB of financial and personal data.
The researchers found that most users reused passwords for multiple sites and that the malware was able to steal credit card numbers and bank logins. They were able to control the system for ten days before the malware was updated.
The researchers cracked the malware after noticing that the program would search for domains to attack. Sometimes those domains were unregistered, so the researchers registered them and masqueraded as a control node.