The giant Mariposa botnet: three arrests in Spain
March 03rd, 2010 - 03:34 pm ET by J. G.
Spanish authorities have arrested three individuals accused of operating an immense botnet comprising more than 12.7 million zombie computers.
Three people in Spain behind the botnet nicknamed Mariposa, meaning "butterfly" in English, have been arrested. The three were operating the botnet, which had more than 12.7 million computers under its control. They are suspected of being behind this vast computer network and risk up to six years in prison.
The three were considered somewhat unusual in that they did not have much advanced technical knowledge of computer hacking. For Panda Security, which participated in the investigation, another aspect is even more worrying: "This shows that the distribution of malware has become sophisticated and effective, allowing relatively inexperienced cybercriminals to cause major damage and financial loss".
First appearing at the end of 2008, the Mariposa botnet was shut down and rendered inactive on the 23rd of December 2009. It was able to reach such a size thanks to the spread of a worm distributed via P2P networks, removable devices and MSN links. Initially, an Internet Explorer vulnerability was exploited. More than 190 countries were affected, with more than half of the 1000 richest companies in the world counted among the victims.
Once a computer was infected by Mariposa, the botmaster was able to install various malware on the zombie computer. Cybercriminals were able to use the botnet to their advantage by stealing connection credentials and banking information.
To dismantle the botnet, a vast effort was undertaken with the help of Panda Security, the FBI and the Spanish police. The criminals were arrested because of certain traces they left behind, notably that they recorded affected domains which were under their control. In this case, the help of an Internet Service Provider was required.
Microsoft recently indicated that they had also managed to dismantle the Waledac botnet.