Mariposa botnet masterminds unlikely to face jail

Mariposa infected nearly 13 million computers

One of the leading figures involved in the detection and takedown of the infamous Mariposa botnet has told V3.co.uk that those responsible are unlikely to be punished for their crimes.

Luis Corrons, technical director at Panda Security, worked with the FBI, the Spanish Guardia Civil and other groups to shutdown the botnet in December 2009.

Three months later it was announced that three men had been arrested in connection with Mariposa.

The botnet stole account information for social media sites and other online email services, usernames and passwords, banking credentials and credit card data by infiltrating an estimated 12.7 million compromised IP addresses in more than 190 countries.

However, Corrons was pessimistic that the people arrested, including two known by their online names 'Netkairo' and 'Ostiator', will ever be brought to justice, especially as operating a botnet does not currently constitute a crime in Spain.

"The police have to prove that they stole information and then used that information to get money," he explained. "This may take years, and the police have said: 'We think they're not going to jail.' It's really frustrating for us and them."

Corrons believes that, although the Spanish authorities are tightening the law in this area, it is likely to prove too late to indict the masterminds behind Mariposa, which was one of the largest botnets ever recorded.

International collaboration between law enforcers is increasingly important, he said, especially given that botnets like Mariposa can be set up with relatively little technical expertise but inflict widespread damage.