More details have emerged about a cybercrime investigation that led to the takedown of a botnet containing 12m zombie PCs and the arrest of three alleged kingpins who built and ran it. As previously reported, the Mariposa botnet was principally geared towards stealing online login credentials for banks, email services and the …
You lost me...
...at bonnet. Who was wearing the bonnet?!
Afternoon tea, you know the rules...
... a decent one please, no cheap rubbish ;)
(Thankfully avoided the screen)
Overreaction at El Reg?
I suspect that this is an unfortunate result of our repeated complaints about the creeping use of American Engrish around here and some automated checks for same.
Obviously whoever it was was actually wearing a hood.....
"The malware infected an estimated 12.7 million computers in more than 190 countries."
Given there are only 196 countries in the world and several in Africa with dubious internet connectivity, this is pretty impressive.
... what have the Police done (if anything) to inform the owners of those 12 million computers that their systems have been compromised?
More than 190 countries
Are there more than 190 countries?
Especially ones with enough computers and internet connections for a botnet
There are 246 territories in the world
with a two-letter country suffix according to the ISO's 3166 standard. See
Great. Fine them $100 per PC for the cleanup, and if they can't come up with the cash they stay in jail until they've cleaned or re-installed every single PC they used.
Call me in
I'll remove any computer malware/spyware
Who You Gonna Call.........Healthy Solutions (uk) 07561 566071
I'd just love to solve this problem
This might actually put me on a map some place
I'm in the Money, I'm in the Money
Might be time for my meds
Never mind that
"Might be time for my meds"
Might be time to change your phone number,
You're gonna get so many spam texts and marketing calls your head will spin.
Don't you love google...
and has he sold his 1996 Ford Galaxy on eBay yet?
Yes - imagining Spanish (speaking) villains in butterfly bonnets
I suppose you meant "Mariposa (Spanish for butterfly) botnet malware".
Certainly means 'butterfly', but it can also be used to mean a homosexual man.
The way of the future
... is not to just shut down the botnets. Rather, it's going after the criminals themselves (as the FBI and the Benemérita have done here) and making them serve some hard time. They'll put a dent in the problem when botherders are made to serve as much time as some US crackers and phreakers got in the 1990s.
"12m machines run by 3 admins"
I wonder if any of them are looking for a job?
@Yet Another Anonymous coward: There are about 200 countries depending on your definition of country / political allegiance. If you're not USAian, "What do they teach in schools these days?". If you're USAian, we already know...
Actually, it is a fair comment
Sure, there are over 200 countries in the world, but I would have guessed that a third of them did not have much computer infrastructure...
So more than 190 countries really means that the botnet infiltrated computers almost everywhere.
To be precise
There are currently 239 UN-recognised countries. Although some are "dependencies" or "autonomous territories" etc, they still count as separate countries. We have the complete list on our database at work for use on our commercial websites, when we need to create a select box list for purchasers to select which country they live in.
So "more than 190 countries" is well within the bounds of feasibility, yet it is a monumental achievement nonetheless, since it represents more than 79% of them! (We can assume the remaining < 21% or < 49 countries that weren't infected don't have much in the way of internet access...)
Still, I can't go without saying - monumental achievement or not - string the bastards up!
surely they did have pretty good hacking skills to make a botnet that big??
I must be a clever electronics engineer
Look at this PC I assembled.
it's just installing bits of software and publishing a few websites.....
the really hard work is done by the fools who really think that clicking on that link will make them a million dollars, or their dick 20% bigger
you can go further and blame Microsoft (and why not lol) if they didn't make an OS simple enough for the great unwashed to get online, there would be less fools online that actually click the links in that email that promises to get them laid by the end of the day....
there should be a compulsory exam to licence people to use a computer/internet for their own safety and that of others that have to use the same PC after them....
penguin because.... well why not lol...
"there should be a compulsory exam to licence people to use a computer/internet"
But who would you trust to write the exam? Anyone from the government? No thanks!
Q. 1 "Which is the best web browser in the world?"
WRONG, the answer is INTERNET EXPLORER 6, you fail the internets.
Q. 2 "What does "zip it" mean in internet parlance?"
WRONG, it means don't publish your address on the internet.
Q. 3 "Downloading music is the same as stealing a car, True or False"
...well you get the idea.
"lol" is not a form of punctuation.
Just makes you look stupid when you post like that in a forum run by and for technically literate people. That is all.
They didn't get the head, they got the tail.
I'd be willing to bet that these guys are just the dumb patsies that got talked into running this thing by the guys that actually wrote it. Makes sense if you think about it. You're a smart, talented malware author (of dubious morals naturally) so you know the odds of getting caught while running one of these things although slim are not worth the risk, so what do you do? You find a couple of morons and get them to pay you a nice fat chunk of money for your malware, and then they run all the risk should the C&C servers ever get backtracked as happened in this case. I'd bet you'll be seeing a mariposa mark 2 making the rounds before too much longer being controlled by a new set of patsies.
RE: bit harsh
Agree AC, definitely 1337 status.
@AC 23:08 GMT
Anyone who thinks this is 1337 is 1336 themselves.
Not AC because I am willing to be an adult.
...relatively unskilled cyber criminals...
Which Ministry of Truth official spouted that propaganda?
If 3 people can do what they are accused of, then the West has already lost a future cyber war with China.
And without high technology, the US can't win a war.
Oh wait, they can't even with it.
12.7 million infections...
... but only "one of" the largest botnets? My God how many more are there that are larger than this one was?
Re: They didn't get the head, they got the tail
I think that you're right there. I'm not at all sure that the criminal/technical mastermind behind this would have just lost the plot and connected from a traceable location. Sounds more like a patsy who's trying desperately to patch things up.
I can't help wondering whether the US would have been so happy to co-operate with a foreign country to put away a US citizen though.
Perhaps after facing 30 years these morons will talk. Still it's Spain so they are probably only looking at 6 months low security. Yes the USA justice system is barbaric and unfair, etc but rarely do people get off lighter than is reasonable (ask DC Sniper we executed a few months back).
it took them sheer luck to catch these guys.
what if the "botmaster" (amazing title, by the way) was smart enough to avoid directly accessing his server. what then? he'd probably relocate and reopen shop somewhere else.
I'd blame the 12700000 computers' users who gave these clowns the resources they needed.
All the tecchy cyber-savvy types here, are absolutely, 100% certain none of the computers they run have been botted. Not a single trojan or rootkit in the lot. Definitely not.
compromised Windows PCs.
I run OSX
12.7 Million IP's != 12.7 Million unique computers
12.7 Million IP's != 12.7 Million unique computers. There are still ISP's that don't hand out static IP's ya know.
Gimme a break
More often than not you get the same IP from a DHCP server, depending of course on the DHCP server configuration, how long the machine was offline and how heavily subscribed the address pool is. In any case I don't think the sample came from such a long period of time that machines would have been switched off long enough to make them appear from multiple addresses.
I thought you'd say there are lots of computers behind NAT, meaning the number of computers is actually higher.