Security researchers at University of California, Santa Barbara have broken into the nerve center of the Torpig botnet (also called Sinowal or Mebroot) to find a ten-day stash of 10,000 bank accounts and credit card numbers worth hundreds of thousands of dollars. The botnet was built using a MBR (master boot record) rootkit that executes at boot time, before the operating system is loaded. The top targeted institutions were PayPal (1,770 accounts), Poste Italiane (765), CapitalOne (314), E*Trade (304), and Chase(217)
Source: https://threatpost.com/botnet-hijack-researchers-dissect-torpig-malware-operation-050409/72625/