Sunday, March 7, 2010

Mariposa bot-net held 800,000 people's details (take-down story of the botnet)

Mariposa (Spanish for butterfly)

Mariposa was bot-net malware that spread through P2P networks, infected USB drives, and MSN links that directed surfers to infected websites. Once infected by the Mariposa bot client, compromised machines would have various strains of malware installed on them (advanced key-loggers, banking Trojans like Zeus, remote access Trojans, etc.) by the hackers to obtain greater control of the infected systems.

Work by the FBI and the security firms Panda Security and Defense Intelligence led to the take-down of the 12.7-million-strong zombie network in December and the arrest of three suspects in Spain two months later.

The malware infected an estimated 12.7 million computers in more than 190 countries.

Spanish police said they recovered the personal details of 800,000 people from systems seized from three alleged cyber-criminals. This cache of stolen information includes bank login credentials belonging to businesses and consumers, as well as email passwords.

Bot-net Suspects ::

Netkairo
lieutenants JPR
Murcia and JBR

Possible suspect ::

Phoenix

The take-down story of Mariposa bot-net ::

The criminal gang behind Mariposa nearly always connected to the Mariposa command-and-control servers through anonymous VPN (Virtual Private Network) services, preventing investigators from identifying their real IP addresses.

However, when the December shutdown operation happened, the gang's leader, alias Netkairo, panicked in his efforts to regain control of the bot-net. Netkairo made the fatal error of connecting directly from his home computer instead of going through the VPN, leaving a trail of digital fingerprints that led to a series of arrests two months later.

Domains used by Mariposa were unwittingly hosted by US ISP CDmon, which assisted security researchers and law enforcement officials in taking down the bot-net.

Under Spanish law suspects are not named at this stage of proceedings. Pedro Bustamante, senior research advisor at Panda Security, said: "Our preliminary analysis indicates that the bot-masters did not have advanced hacking skills.

"This is very alarming because it proves how sophisticated and effective malware distribution software has become, empowering relatively unskilled cyber criminals to inflict major damage and financial loss."


Regards
Moin Faraz