Claims have been made that the Mariposa botnet is still alive and that some of its command and control (CnC) centres are still active and spreading.
According to Haroon Malik at the FireEye malware intelligence lab, some Mariposa CnCs are still active and spreading. He pointed to a Mariposa sample communicating with its CnC which had received a command to spread through a USB.
He said: “It seems that either Spanish police have not been able to apprehend the entire Mariposa gang or the botnet CnC has some sort of auto-pilot mode. All this brings home a very important lesson in shutting down major botnets. Even if the bot masters are arrested, you still have to shut down the CnC. Unless that is done, the infrastructure is still there, it still lives, and it can continue to spread and cause harm.”
He asked who is currently operating this botnet if it is still alive, and whether it has been taken over by some rival gang. Or are the original bot masters pulling the strings while in police custody? Or is it simply operating on auto-pilot?
One commenter on his blog claimed that Mariposa was the name of one particular botnet that used the Butterfly bot malware. He said: “What you have here is Butterfly malware botnet for sure. It is not Mariposa though. We suspect the un-named botnet you are blogging about could be bigger than Mariposa ever was.”
Another commenter believed that Mariposa was sold, and that ‘Iserdo’ coded it and sold a builder so everyone can make a similar botnet. “There are dozens in the wild. He’s still active and sells a new botnet called butterfly flooder,” they said.
Commenting, PandaLabs' technical director Luis Corrons, who recently described his meeting with the botnet owners to SC Magazine, said that he did not have a particular sample in his hands, but commented on the Butterfly bot malware rumours.
He said: “I can tell you that the specific command that is mentioned there (alinfiernoya) was used in old versions of the butterfly bot used by the gang, but not in the current ones they were using when they were arrested.
“So in case the bot mentioned in that blog post is accepting that order, that would mean that it is not the Mariposa botnet, but a completely different one based on the same bot family as the one that was found in some Vodafone phones.”
See original article on scmagazineus.com