Suspected Mariposa botnet author arrested

28 July 2010

A 23-year-old Slovenian man – thought to be the author and creator of the infamous Mariposa (butterfly) botnet – has been arrested by Slovenian police, working in concert with their colleagues from Spain and a team from the FBI.

The arrest in the Mariposa case is the result of several months of painstaking effort by all three law enforcement operations and builds on the arrests of a trio of Slovenians earlier this year.

The man – known as Iserdo – is thought to be a close colleague of the three Slovenians – Florencio Carro Ruiz, Jonathan Pazos Rivera, and Juan Jose Bellido Rios – who were arrested in Spain in February following an investigation that was assisted by Luis Corrons, the technical director of Panda Security.

According to the FBI, the Mariposa botnet is the result of malware code created by Iserdo, who sources suggest sold an early version of the code to the trio arrested in February.

"In the last two years, the software used to create the Mariposa botnet was sold to hundreds of other criminals, making it one of the most notorious in the world", FBI director Robert Mueller said in a prepared statement.

FBI cybersecurity division assistant director Gordon Snow is quoted by the AFP newswire as saying he welcomed the co-operation of the Slovenian and Spanish authorities in the case.

"Cybercrime knows no boundaries, and without international collaboration, our efforts to dismantle these operations would be impossible", he said.

According to FBI director Mueller, over the last two years, the software used to create the Mariposa botnet was sold to hundreds of other criminals, making it one of the most notorious in the world.

"These cyber intrusions, thefts, and frauds undermine the integrity of the internet and the businesses that rely on it; they also threaten the privacy and pocketbooks of all who use the internet", he said.

Panda's Luis Corrons has been working closely with the Spanish police and the FBI on helping to track down Iserdo.

As reported previously by Infosecurity, Corrons' assistance culminated in the arrests of three Slovenians in February. Shortly after the arrests, Corrons revealed that two of the people arrested had actually applied for jobs with Panda.

In a security blog posting, Panda's technical director says that the arrested trio probably bought the Mariposa bot from Iserdo.

Corrons said in his blog that the FBI had asked his team not to discuss Iserdo.

In a complex web of hackery, Corrons says that Iserdo sold the Mariposa code to one of the three Slovenians arrested earlier this year.

The investigation into Mariposa is not over, says Corrons, as the Spanish police are still trying to arrest more people, while Iserdo "has been selling the bot to different people, who are creating new botnets".
