Co-ordinated effort crushes Mariposa botnet

The Mariposa botnet was controlling PCs in more than 190 countries

Spanish authorities have shut down one of the world's largest botnets and arrested three of its alleged ringleaders, according to two IT security firms involved in the investigation.

The Mariposa botnet was finally shutdown and rendered inactive on 23 December thanks to a collaboration between Panda Security, Defence Intelligence, the FBI and Spanish Guardia Civil, among others.

Mariposa had grown to a huge scale, stealing account information for social media sites and other services, usernames and passwords, banking credentials and credit card data by compromising an estimated 12.7 million IP addresses in more than 190 countries.

"Our preliminary analysis indicates that the botmasters did not have advanced hacking skills," said Pedro Bustamente, senior research advisor at Panda Security.

"This is very alarming because it proves how sophisticated and effective malware distribution software has become, empowering relatively unskilled cyber criminals to inflict major damage and financial loss.

"We are extremely proud of the co-ordinated effort made by all of the Mariposa Working Group members, and the speed at which we were able to bring down this massive botnet and the criminals behind it."

The Mariposa Working Group was set up by the Georgia Tech Information Security Center, Defence Intelligence and Panda to analyse the command-and-control structure of the botnet, ultimately resulting in its worldwide shutdown.

The group also revealed that the botnet spread very effectively via P2P networks, USB drives and MSN links.