Mariposa (botnet)

from Wikipedia, the free encyclopedia

Mariposa (Spanish for 'butterfly') is one of the largest botnets discovered to date. It was determined to have been produced with the Butterfly toolkit.

Distribution

The affected computers were infected, among other routes, via links in instant messages that pointed to prepared websites and exploited a vulnerability in Microsoft Internet Explorer. The malware was also distributed via file-sharing networks and USB sticks. An analysis registered an average of four hits per day on the corresponding domains.

Size

The botnet is said to have consisted of 13 million computers, making it the largest known of its kind at the time. PCs from 190 countries were infected, including computers from 500 large companies in the USA.

Use

Mariposa was not used as a classic spam botnet; rather, the aim of the campaigns seems to have been data theft. It collected data from more than 800,000 users, including access data to online banking accounts, e-mail accounts, access data to company networks and much more. In addition, the network was also rented to others; for example, a DoS attack on Arabic websites was registered at the beginning of November.

Exposure

The Defense Intelligence Team found the first signs of the existence of the Mariposa botnet in May 2009. In the subsequent analysis of the botnet, numerous master servers were identified. The “Command and Control Server” was taken offline on December 23, 2009.

At the end of February 2010, three Spaniards were arrested on charges of operating the botnet. The arrest came in a joint effort by the Civil Guard, the FBI, the Georgia Tech Information Security Center, security specialist Panda Security and the Defense Intelligence Team.

In July 2010, the Slovenian police arrested three former IT students who are accused of developing the malware used to build the botnet and selling it to the botnet operators.
