Following the recent shutdown of the Mariposa botnet, the Spanish Police last week arrested three alleged members of the group behind it. The police are still pursuing another suspect who may be at large somewhere in South America.
The Mariposa botnet was one of the largest botnets to date. It was reportedly responsible for attacking millions of businesses around the world, including Fortune 1000 companies, in a mission to steal online banking, business, and personal information from compromised systems.
Mariposa was discovered in 2009 by the Mariposa Working Group, an informal group of volunteers from the security industry and law enforcement agencies, formed specifically to investigate and eventually eliminate the botnet. The group was also responsible for providing pertinent information on the botnet, which led to the arrest of three of its perpetrators.
Throughout its lifetime, Mariposa launched several bot variants that compromised up to 12.7 million computers around the world. Trend Micro detects malware related to this botnet as WORM_AUTORUN.ZRO (now named WORM_PALEVO.SMZR). This worm spreads copies of itself through physical and removable drives as well as through the popular instant-messaging application MSN Messenger. It also propagates via known peer-to-peer (P2P) file-sharing applications, particularly Kazaa, BearShare, iMesh, Shareaza, DC++, eMule, and LimeWire. It can also perform denial-of-service (DoS) attacks against targeted systems.
The takedown of the Mariposa botnet may mean fewer zombies for cybercriminals to operate with. However, there are still other infamous botnets that have not been caught yet, and even new ones that are gaining notoriety once again, such as the ZeuS, SDBOT IRC, Chuck Norris, and DOWNAD/Conficker botnets.
Trend Micro™ Smart Protection Network™ already protects product users from these threats by detecting the malicious files and preventing their execution on affected systems via the file reputation service.
Non-Trend Micro product users, on the other hand, can use free tools like RUBotted, which monitors computers for suspicious activities and regularly checks with an online service to identify behaviors associated with bots. Upon discovering potential infections, it prompts users to scan and clean their computers.