The infamous Mariposa botnet, once obliterated, has regrown wings as a new network that has infected machines in 172 countries and is said to be even more dangerous.
The new network grew from the ashes of Mariposa, a Spanish word for butterfly, which was one of the world's largest botnets that at its height controlled up to 12 million infected machines before its destruction in December 2009.
It uses the same worm software, dubbed Butterfly bot, to infect hosts, but experts say it is "larger than Mariposa".
Researchers Matt Thompson and Meaghan Molloy from botnet monitoring firm Unveillance, along with Mariposa Working Group partner Panda Security, have collected and analysed several thousand unique variants of malicious software associated with Butterfly bot.
The research found that Butterfly is polymorphic malware that spreads via removable drives such as USB keys, and those infected often find themselves in a perpetual cycle of reinfection.
Luis Corrons, technical director of PandaLabs, said that the framework of Butterfly allows any botmaster to run a Butterfly-type botnet.
Corrons, who was heavily involved with the takedown of Mariposa and met with the controllers, said that it was a distinctive botnet as it was heavily customised.
"The key here is that during the Mariposa case, we discovered the licensing mechanism inside the Butterfly bot client that is tied to the command and control server addresses," Corrons said.
"These licenses are in the form of botmaster nicknames, which are then again tied to the sales made to all botmasters who purchased a Butterfly botnet."
In early June, news reports from eastern Europe said that a law enforcement task force, including the FBI, Interpol, the Serbian Ministry of Internal Affairs and the Slovenian Police, had arrested two men charged with stealing several hundred thousand dollars while running a botnet.
"Since the Butterfly framework creator was arrested and his computers confiscated, it is safe to assume that law enforcement has a very good insight into who is running any Butterfly-based botnet out there."
"What is strange is that given the above information being public since the Mariposa arrests last year in Spain and Slovenia, botmasters are still depending on Butterfly framework to run their botnets. Obviously those botmasters are either not concerned about going to jail or just plain stupid."
The Butterfly bot kit costs $500 for a basic option with the external downloader, USB and MSN spreaders.