Mariposa botnet

The Mariposa botnet, discovered in December 2008,[1] is a botnet mainly involved in cyberscamming and denial of service attacks.[2][3] Before the botnet itself was dismantled on December 23, 2009, it consisted of 8 to 12 million individual zombie computers infected with the "Butterfly (mariposa in Spanish) Bot", making it one of the largest known botnets.[3][4]

History

Origins and initial spread

The botnet was originally created by the DDP Team (Spanish: Días de Pesadilla Team, English: Nightmare Days Team), using a malware program called "Butterfly bot", which was also sold to various individuals and organisations.[2][5] The malware was designed to install itself on an uninfected PC and monitor activity for passwords, bank credentials and credit cards.[2] It would then attempt to self-propagate to other reachable systems using various supported methods, such as MSN, P2P and USB.[6]

After completing its initial infection routine, the malware would contact a command-and-control server within the botnet. The controllers of the botnet could use this server to issue orders to the botnet.[7]

Operations and impact

The operations executed by the botnet were diverse, in part because parts of the botnet could be rented by third-party individuals and organizations.[8] Confirmed activities include denial of service attacks, e-mail spam, theft of personal information, and changing the search results a browser would display in order to show advertisements and pop-up ads.[7][9]

Due to the size and nature of a botnet, its total financial and social impact is difficult to calculate, but initial estimates were that the removal of the malware alone could cost "tens of millions of dollars".[7][10] After the apprehension of the botnet's operators, government officials also discovered a list containing personal details on 800,000 individuals, which could be used or sold for identity theft purposes.[10]

Dismantling

In May 2009, the Mariposa Working Group (MWG) was formed as an informal group, composed of Defence Intelligence Inc., the Georgia Tech Information Security Center and Panda Security, along with additional unnamed security researchers and law enforcement agencies. The goal of this group was the analysis and extermination of the Mariposa botnet itself.[7]

On December 23, 2009, the Mariposa Working Group managed to take control of the Mariposa botnet, after seizing control of the command-and-control servers used by the botnet. The operational owners of the botnet eventually succeeded in regaining control over the botnet, and in response launched a denial of service attack on Defence Intelligence.[7] The attack itself managed to knock out Internet connectivity for a large share of the ISP's customers, which included several Canadian universities and government agencies.[11]

On February 3, 2010, the Spanish national police arrested Florencio Carro Ruiz (alias: Netkairo) as the suspected leader of the DDP Team. Two additional arrests were made on February 24, 2010: Jonathan Pazos Rivera (alias: Jonyloleante) and Juan Jose Bellido Rios (alias: Ostiator) were arrested on suspicion of being members of DDP.[3][7][12][13][14]

On July 28, 2010, the suspected creator of the "Butterfly bot" malware (known only by his alias "Iserdo") was arrested by Slovenian police.[1][2][3][5]

References

  1. ^ a b "FBI arrests 'mastermind' of Mariposa botnet computer code". London: Telegraph. 2010-07-28. http://www.telegraph.co.uk/technology/7913767/FBI-arrests-mastermind-of-Mariposa-botnet-computer-code.html. Retrieved 2010-07-29. 
  2. ^ a b c d Ali Zerdin, Associated Press. "Cyber mastermind arrested, questioned in Slovenia". Washington Times. http://www.washingtontimes.com/news/2010/jul/28/cyber-mastermind-arrested-questioned-in-slovenia/. Retrieved 2010-07-29. 
  3. ^ a b c d "Suspected 'Mariposa Botnet' creator arrested". canada.com. http://www2.canada.com/topics/technology/story.html?id=3333655. Retrieved 2010-07-29. 
  4. ^ Matt Thompson (2009-10-07). "Mariposa Botnet Analysis". Defence Intelligence. http://www.defintel.com/docs/Mariposa_Analysis.pdf. Retrieved 2010-07-29. 
  5. ^ a b "FBI says cyber mastermind nabbed – Technology – NZ Herald News". Nzherald.co.nz. http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10661891. Retrieved 2010-07-29. [dead link]
  6. ^ Peter Coogan (2009-10-07). "The Mariposa / Butterfly Bot Kit | Symantec Connect". Symantec.com. http://www.symantec.com/connect/blogs/mariposa-butterfly-bot-kit. Retrieved 2010-07-29. 
  7. ^ a b c d e f Luis Corrons (2010-03-03). "Mariposa botnet | PandaLabs Blog". Pandalabs.pandasecurity.com. http://pandalabs.pandasecurity.com/mariposa-botnet/. Retrieved 2010-07-29. 
  8. ^ Help Net Security. "Massive Mariposa botnet shut down". Net-security.org. http://www.net-security.org/secworld.php?id=8962. Retrieved 2010-07-29. 
  9. ^ "‘Mariposa’ Botnet Authors May Avoid Jail Time – Krebs on Security". Krebsonsecurity.com. 2010-03-04. http://krebsonsecurity.com/2010/03/mariposa-botnet-authors-may-avoid-jail-time/. Retrieved 2010-07-29. 
  10. ^ a b "UPDATE 1-Spain busts ring accused of infecting 13 mln PCs". Reuters. 2010-03-02. http://www.reuters.com/article/idUSN0218881320100302. Retrieved 2010-07-29. 
  11. ^ Larraz, Teresa (2010-03-03). "Spanish botnet potent enough to attack country: police". Reuters. http://www.reuters.com/article/idUSTRE6214ST20100303. Retrieved 2010-07-29. 
  12. ^ James Wray and Ulf Stabe (2010-03-03). "Mariposa botnet – 12.7 million bots strong – knocked offline – Security". Thetechherald.com. http://www.thetechherald.com/article.php/201009/5330/Mariposa-botnet-12-7-million-bots-strong-knocked-offline. Retrieved 2010-07-29. 
  13. ^ "Cyber mastermind arrested, questioned in Slovenia – wtop.com". Wtopnews.com. http://www.wtopnews.com/?sid=2013636&nid=108. Retrieved 2010-07-29. 
  14. ^ FBI — FBI, Slovenian and Spanish Police Arrest Mariposa Botnet Creator, Operators

Wikimedia Foundation. 2010.
