An analysis of the dismantled Mariposa botnet has revealed that it consisted of 13 million infected PCs spanning 190 countries and 31,901 cities worldwide, according to anti-virus vendor Panda Security.
The botnet, which took its name from the Spanish word for 'butterfly', infected PCs from almost every country around the world, stealing account information for social media sites, online email services, usernames and passwords, banking credentials, and credit card data, according to Panda. Compromised IP addresses included personal, corporate, government and university computers.
“It's huge,” Christopher Davis, CEO for information security firm Defence Intelligence, which first discovered Mariposa, told SCMagazineUS.com. “It's certainly one of the biggest [botnets] I have ever seen.”
The top five countries, by number of Mariposa-infected computers, were India, Mexico, Brazil, Korea and Colombia, according to Panda.
The investigation into the botnet is still ongoing, but preliminary calculations of the losses through fraud, financial theft, data loss and cleanup costs are already estimated to be in the millions of dollars, Sean-Paul Correll, threat researcher at Panda, told SCMagazineUS.com. “The primary motivation in cases like these is for the cybercriminals to reap financially,” he said.
After Mariposa was discovered last May, a group of international security experts and law enforcement agencies joined forces and formed what they called the Mariposa Working Group to disarm the botnet and prosecute the offenders. Members of the working group were able to take control of the botnet's command-and-control structure that allowed attackers to relay information to and from compromised computers. The group then coordinated a worldwide shutdown of the botnet that occurred on December 23.
“It was a really good coordination between companies that have to make money, researchers that don't really care about making money and law enforcement who can't really share what they are doing with us,” Davis said.
As a result of the collaboration, the primary botnet operators, nicknamed “Netkairo” and “hamlet1917”, as well as their partners “Ostiator” and “Johnyloleante”, were arrested by Spanish law enforcement earlier this month.
In addition, members of the working group were able to redirect all bots to communicate with a server controlled by the group. This allowed security researchers to conduct the analysis of the botnet.
The malware was designed to spread through USB drives, instant messenger programs and on peer-to-peer (P2P) networks, Matt Thompson, principal developer at Defence Intelligence, who reverse-engineered the malware, told SCMagazineUS.com. In addition, the malware attempted to spread on Microsoft's Internet Explorer (IE) 6 browser.
One way attackers spread the malware was by sending out malicious links in instant messages on MSN Messenger, Thompson said. When a user clicked on the link, it brought up a page that appeared to be an update for Adobe Flash Player. If that page was viewed using IE 6, the malware would be automatically installed via drive-by download, requiring no user interaction.
Once a PC was infected by Mariposa, the botmaster installed different malware on it, including keyloggers and banking trojans, to gain additional functionality from infected PCs.
More than 2.7 million, or 19 percent, of all infected IP addresses were located in India, making it the top Mariposa-infected country, according to Panda Security's analysis. Mexico came in second with approximately 1.8 million or 12.8 percent of infected IP addresses, followed by Brazil, then Korea, each with more than one million infected, and Colombia, with approximately 700,000.
Rounding out the top 10 countries with the most Mariposa bots were Russia, Egypt, Malaysia, Ukraine and Pakistan, each with at least 360,000 infected IP addresses.
The malware is still present on many PCs and USB drives, so it is still spreading, Davis said.
See original article on scmagazineus.com