Spanish law-enforcement agencies have recently shut down a botnet of roughly 12 million PCs, codenamed Mariposa (Spanish for "butterfly"), spread across more than 190 countries. Considering that a typical botnet of this kind has around 5,000 members, the figure puts into perspective how much of a security risk a network of millions of infected PCs really is. According to the arresting authorities, it would have dwarfed the Georgia and Estonia cyberattacks had it been used to launch denial-of-service attacks. Apart from abusing their victims' processing power and bandwidth, botnets spy on users' online activities and collect personal information. Mariposa had recorded the details of more than 800,000 people, including credit card numbers, online banking credentials and e-mail passwords. Its infected population was not limited to home users; it included PCs in more than half of the Fortune 1000 companies and in more than 40 major banks.
Security researchers infiltrated the botnet's command-and-control systems, learning enough to mount a successful takedown operation in cooperation with ISPs. Security specialists and researchers from the Georgia Tech Information Security Center and the software firm Panda Security were called in by the Spanish government to assist in the takedown and the after-the-fact analysis. It turned out that the botnet operators had infected computers by sending malicious links over instant messaging. They also spread the malware via removable thumb drives and through peer-to-peer networks.
Finally, three men were arrested, but they are unlikely to be convicted because Spain's cyber-crime legislation is insufficient to prosecute them.
