Slashdot Mirror


Mariposa Botnet Beheaded

northernboy and many other readers sent news of the beheading of the Mariposa botnet with three arrests in Spain. "Defense Intelligence of Ottawa working with ISPs and Spanish authorities have taken down yet another > 12M PC botnet, called Mariposa. The three top-level operators are in custody, but remain anonymous under Spanish law (how quaint: apparently in Spain, the accused have some right to privacy). AP is claiming that the botnet included systems in roughly half of the Fortune 1000 companies, scattered over 190 countries. Interesting details: none of the three principals has a prior criminal record. Although apparently hardworking, they are not uber-hackers, but rather had connections to the Spanish mafia, which apparently helped to equip them. At the time of arrest, they were not showing signs of their significant new income level. From the article: 'Chris Davis, CEO of Ottawa-based Defence Intelligence, said he noticed the infections when they appeared on networks of some of his firm's clients, including pharmaceutical companies and banks. It wasn't until several months later that he realized the infections were part of something much bigger. After seeing that some of the servers used to control computers in the botnet were located in Spain, Davis and researchers from the Georgia Tech Information Security Center joined with software firm Panda Security, which is headquartered in Bilbao, Spain. The investigators caught a few lucky breaks. For one, the suspects used Internet services that wound up cooperating with investigators. That isn't always the case.'"

3 of 177 comments

  1. Different article/same topic by moeinvt · Score: -1, Troll

    http://www.information-age.com/channels/security-and-continuity/news/1203193/three-arrested-in-connection-to-worlds-largest-botnet.thtml

    "Mariposa was disabled in December 2009 when a working group of volunteers, some of which were security software vendors, managed to take over the 'command and control' servers that co-ordinate the network."

    What gives these bloody do-gooders the authority to "take over" other people's servers? Why couldn't this be an excuse for all sorts of network intrusions? "Oh, I thought this server was hosting malware or controlling a botnet, so I took it over with altruistic intentions". From the story a few days ago, MS went to court in order to get Waledac shut down. Seems like things could get tricky with jurisdictional issues as well. Maybe the U.S. government should issue some letters of marque so that private citizens could "attack" foreign malware servers?

  2. Re:Another... by Anonymous Coward · Score: -1, Troll

    I don't believe in physical violence of any kind, and the Scripture doesn't support racism. The only true Nazis in this world are fags.

  3. Re:Another... by Anonymous Coward · Score: -1, Troll

    Yeah because home users NEVER use Outlook to get their mail from POP servers like Yahoo or Google. We should block port 25 from home connections completely and completely ignore all the businesses with hundreds of infected machines.

    GOOD GAME SIR YOU WIN AN INTERNETS.

    I love these lame assed fascist fixes you nerds come up with.