Mariposa Botnet Suspects Nabbed by Spain - 13 million+ Zombie PCs Infected by Virus
Wednesday, March 3, 2010 at 8:48AM | Denise
Today's security headlines read "Spain busts global 'botnet' masterminds", revealing that over 13 million computers from "homes, universities, companies and government agencies in almost every country in the world" were infected by a virus that turned computers into zombies. A botnet is a group or network of bot-infected PCs that are all controlled by the same "command and control center", a remote computer through which the operator can silently access personal data such as credit card data, online banking passwords and other personal information.
Known as the "Mariposa Network" after the Spanish word for butterfly, the world's biggest computer virus network was apparently "rented out" to cybercriminals by the three Spanish nationals who created the zombie network. The network was shut down just a few months ago (December 2009) after the FBI was alerted to the virus-infected network by Canadian information security firm Defence Intelligence (go Canada!).
Investigators claim that more than half of the Fortune 1,000 largest US companies and more than 40 major banks were affected by the virus. "It would be easier for me to provide a list of the Fortune 1000 companies that weren't compromised, rather than the long list of those who were," said Defence Intelligence CEO Christopher Davis.
Which begs the question....WHY wasn't this virus, as dangerous and widespread as it was, detected sooner by the over 13 MILLION computers that became infected and hijacked by the Mariposa Network? A Defence Intelligence blog post reveals that "only 6 of the 41 antivirus groups was able to detect the malware. Given time however, most antivirus companies are able to identify the same binary." But how late is too late once your financial data is compromised?
A preliminary analysis by the Mariposa Working Group, the collaborative effort between international security experts and law enforcement agencies to eradicate the botnet, reveals the following:
• Once a PC was infected by the Mariposa bot client, the botmaster installed different malware (advanced keyloggers, banking trojans like Zeus, remote access trojans, etc.) in order to gain additional functionality on the zombie PCs.
• The botmaster made money by selling parts of the botnet, installing pay-per-install toolbars, selling stolen credentials for online services and using the stolen banking credentials and credit cards to make transactions to overseas mules.
• The Mariposa botnet spread extremely effectively via P2P networks, USB drives, and MSN links.
We're happy to see that the Mariposa botnet perpetrators have been apprehended for their criminal actions, which is not often the case since authorities rarely catch cybercriminals behind these botnets, "the bulk of which are controlled by syndicates based in eastern Europe, southeast Asia, China and Latin America" according to the article.
"Mariposa's the biggest ever to be shut down, but this is only the tip of the iceberg. These things come up constantly," said Mark Rasch, former head of the U.S. Department of Justice computer crimes unit. Reassuring, isn't it? With the growing rise of social networks and the millions of users who still remain vulnerably unprotected against viruses (~50% of global PC users by some industry estimates), the Mariposa botnet incident serves as another big wake up call that every PC user must have effective AntiVirus protection. The financial stakes are too high for millions of PC users, corporations, and governments to ignore the need for us to work collectively to increase global AntiVirus penetration of security solutions that truly protect the collective Internet community. Please do your part to make the Web a safer place by protecting yourself and your friends with Immunet Protect; if you do run a companion AntiVirus product that requires frequent updates, you'll want to make sure that it is in fact on and up to date.

Reader Comments (10)
Thanx…
I definitely love your own posting style, very interesting. Don't give up and also keep posting, as it simply is worth reading. Excited to look over far more of your articles, have a good one.
That is a pretty scary infection, especially considering the scale. We've seen an increase in identity theft worldwide, and that is only made possible by large scale collection of personal information. Very interesting post; will be tracking your posts in the future.
Scary stuff. I live in Alicante Spain and I would hate to think that these guys are on my doorstep.
It's a real shame that these guys are able to infect so many PCs, apparently with ease, but as someone who lives and works in Spain it really doesn't surprise me.
It's almost a national trend to see who is most able to rip off software, hack into websites, and write scripts to destroy other people's work.
It doesn't give people any confidence in Spain in general, and certainly makes carrying out online transactions, such as internet banking a little more difficult as companies attempt to protect their websites from attack!
The Mariposa botnet is only a popular case (13 million infected PCs); we cannot get and buy a botnet by doing a simple Google search, but it is not impossible after weeks or months of contacting hackers. Botnets will continue existing while there exist people who don't understand the basics of using a computer and simply use it without knowing the fundamentals and secure use of a computer.
Viruses and botnets will continue being the best friends of big antivirus companies; they get a lot of money slowing down computers and providing a false sense of security.
This is the first time that I have gotten Immunet, and it is good and doesn't give false alarms as expensive antivirus does. For my job I have tested a lot of antivirus; I use them only inside virtual machines for testing purposes, but this product doesn't damage my computer, thanks.
Gustavo
cromosoft.com
Conficker and the Mariposa netbot (if it is true that 10 million computers were infected) will pass into history as the largest computer worm and netbot infections until now
Gustavo the keylogger guy
Heya..thanks for the post and great tips..even I also think that hard work is the most important aspect of getting success.
Go Canada! 13 million seems unreal... that's the equivalent of an entire huge city... how ridiculous that it takes that many infected for it to be caught.