Mariposa botnet

The Mariposa botnet, discovered in December 2008,[1] is a botnet mainly involved in cyberscamming and denial-of-service attacks.[2][3] Before the botnet itself was dismantled on 23 December 2009, it consisted of up to 12 million unique IP addresses or up to 1 million individual zombie computers infected with the "Butterfly (mariposa in Spanish) Bot", making it one of the largest known botnets.[3][4][5]

History

Origins and initial spread

The botnet was originally created by the DDP Team (Spanish: Días de Pesadilla Team, English: Nightmare Days Team), using a malware program called "Butterfly bot", which was also sold to various individuals and organisations.[2][6] The goal of this malware program was to install itself on an uninfected PC and monitor activity for passwords, bank credentials and credit cards.[2] After that, the malware would attempt to self-propagate to other connectible systems using various supported methods, such as MSN, P2P and USB.[7]

After completing its initial infection routine, the malware would contact a command-and-control server within the botnet. The controllers of the botnet could use this command-and-control server to issue orders to the botnet itself.[8]

Operations and impact

The operations executed by the botnet were diverse, in part because parts of the botnet could be rented by third-party individuals and organizations.[9] Confirmed activities include denial-of-service attacks, e-mail spam, theft of personal information, and changing the search results a browser would display in order to show advertisements and pop-up ads.[8][10]

Due to the size and nature of a botnet, its total financial and social impact is difficult to calculate, but initial estimates calculated that the removal of the malware alone could cost "tens of millions of dollars".[8][11] After the apprehension of the botnet's operators, government officials also discovered a list containing personal details on 800,000 individuals, which could be used or sold for identity theft purposes.[11]

The countries most infected by the botnet were India, Mexico, Brazil and South Korea.[12]

Dismantling

In May 2009 the Mariposa Working Group (MWG) was formed as an informal group, composed of Defence Intelligence, the Georgia Tech Information Security Center and Panda Security, along with additional unnamed security researchers and law enforcement agencies. The goal of this group was the analysis and extermination of the Mariposa botnet itself.[8]

On 23 December 2009, the Mariposa Working Group managed to take control of the Mariposa botnet after seizing control of the command-and-control servers used by the botnet. The operational owners of the botnet eventually succeeded in regaining control over the botnet, and in response launched a denial-of-service attack on Defence Intelligence.[8] The attack itself managed to knock out Internet connectivity for a large share of the ISP's customers, which included several Canadian universities and government agencies.[13]

On 3 February 2010, the Spanish national police arrested Florencio Carro Ruiz (alias: Netkairo) as the suspected leader of the DDP Team. Two additional arrests were made on 24 February 2010. Jonathan Pazos Rivera (alias: Jonyloleante) and Juan José Ríos Bellido (alias: Ostiator) were arrested on suspicion of being members of DDP.[3][8][14][15][16]

On 18 July 2010, Matjaž Škorjanc (alias: Iserdo), the creator of the "Butterfly bot" malware, was arrested in Maribor by Slovenian police for the first time,[17] but released due to lack of evidence. He was arrested again in October 2011.[18] In December 2013, Škorjanc was convicted in Slovenia of "creating a malicious computer program for hacking information systems, assisting in wrongdoings and money laundering."[19] He was sentenced to 4 years and 10 months imprisonment and fined 3,000 ($3,000).[20] The court also ordered the seizure of Škorjanc's property acquired with the proceeds of crime.[21] After he appealed the verdict, his fine was raised in February 2015 by an additional 25,000 EUR.[22]

On 5 June 2019, US law enforcement opened a new case into the operations of the Mariposa (Butterfly Bot, BFBOT) malware gang. The FBI has moved forward with new charges and arrest warrants against four suspects, including NiceHash's operator Matjaž Škorjanc.[23]

References

  1. "FBI arrests 'mastermind' of Mariposa botnet computer code". The Daily Telegraph. London. 28 July 2010. Archived from the original on 8 October 2021. Retrieved 29 July 2010.
  2. Zerdin, Ali (28 July 2010). "Cyber mastermind arrested, questioned in Slovenia". The Washington Times. Washington, D.C. Archived from the original on 20 February 2011. Retrieved 29 July 2010.
  3. "Suspected 'Mariposa Botnet' creator arrested". canada.com. 28 July 2010. Archived from the original on 11 May 2011. Retrieved 29 July 2010.
  4. Thompson, Matt (7 October 2009). "Mariposa Botnet Analysis" (PDF). Defintel. Archived (PDF) from the original on 9 July 2011. Retrieved 29 July 2010.
  5. Krebs, Brian. "Accused Mariposa Botnet Operators Sought Jobs at Spanish Security Firm". Archived from the original on 19 October 2014. Retrieved 14 October 2014.
  6. "FBI says cyber mastermind nabbed". The New Zealand Herald. 28 July 2010. Retrieved 29 July 2010. [dead link]
  7. Coogan, Peter (7 October 2009). "The Mariposa/Butterfly Bot Kit". Symantec. Archived from the original on 3 August 2010. Retrieved 29 July 2010.
  8. Corrons, Luis (3 March 2010). "Mariposa botnet". Panda Security. Archived from the original on 1 August 2010. Retrieved 29 July 2010.
  9. "Massive Mariposa botnet shut down". Help Net Security. 3 March 2010. Archived from the original on 10 May 2010. Retrieved 29 July 2010.
  10. Krebs, Brian (4 March 2010). "'Mariposa' Botnet Authors May Avoid Jail Time". Krebs on Security. Archived from the original on 31 July 2010. Retrieved 29 July 2010.
  11. "Spain busts ring accused of infecting 13 mln PCs". Reuters. 2 March 2010. Archived from the original on 8 October 2021. Retrieved 29 July 2010.
  12. "13m users worldwide affected by Mariposa botnet". Help Net Security. 10 March 2010. Archived from the original on 2 September 2022. Retrieved 2 September 2022.
  13. Larraz, Teresa (3 March 2010). "UPDATE 1-Spain busts ring accused of infecting 13 mln PCs". Reuters. Archived from the original on 4 June 2010. Retrieved 29 July 2010.
  14. Ragan, Steve (3 March 2010). "Mariposa botnet – 12.7 million bots strong – knocked offline". The Tech Herald. Archived from the original on 25 July 2010. Retrieved 29 July 2010.
  15. "Cyber mastermind arrested, questioned in Slovenia". WTOP-FM. Retrieved 29 July 2010. [dead link]
  16. "FBI, Slovenian and Spanish Police Arrest Mariposa Botnet Creator, Operators". FBI National Press Office. Washington, D.C. 28 July 2010. Archived from the original on 27 December 2013. Retrieved 27 December 2013.
  17. "FBI potrdil aretacijo štajerskega hekerja; ta že na prostosti" [FBI Confirms the Arrest of the Styrian Hacker; He Is Already at Large] (in Slovenian). 28 July 2010. Archived from the original on 2 April 2015. Retrieved 2 March 2015.
  18. "Afera Mariposa: Škorjanc se ni želel zagovarjati" [Mariposa Affair: Škorjanc Refuses to Defend Himself]. Delo.si (in Slovenian). 6 August 2012. Archived from the original on 2 April 2015. Retrieved 2 March 2015.
  19. "Creator of Mariposa Botnet Sentenced to 58 Months in Prison". Security Week. 23 December 2013. Archived from the original on 27 December 2013. Retrieved 27 December 2013.
  20. "Hacker sentenced for 'malicious' programme". IOL. 24 December 2013. Archived from the original on 27 December 2013. Retrieved 27 December 2013.
  21. "Mariposa botnet 'mastermind' jailed in Slovenia". BBC News. 24 December 2013. Archived from the original on 27 December 2013. Retrieved 27 December 2013.
  22. "Mariposa Botnet Hacker Fails with Appeal at Higher Court". Slovenian Press Agency. 5 February 2015. Archived from the original on 8 March 2015.
  23. "Eight years later, the case against the Mariposa malware gang moves forward in the US". ZDNet. 11 June 2019. Archived from the original on 8 October 2021. Retrieved 11 June 2019.
