Mexican Botnet Goes Offline
Security firm Trend Micro discovered a phishing attack in the first week of June 2010 that targeted Spanish Internet users. The attack was found to originate from a Mexican botnet.
The attack used the news of a missing girl's brutal death as bait to trick visitors into downloading a video. The video was actually a botnet's client program that led to malicious downloads. Trend Micro named it the 'Tequila' botnet.
Researchers at Trend Micro somehow gained access to the botnet's command and control server and discovered complete information on its management operations and interface. They also closely studied the botnet's functions.
The researchers found that the botnet downloaded malware (fake AVs and Zbot information stealers) onto the target PCs and targeted netizens with phishing attacks that imitated PayPal's website and that of Mexico's largest bank.
Trend Micro security researchers, however, believe that the cyber criminals who operated the Tequila botnet wasted barely any time in setting up a fresh network of infected computers, called the Mariachi botnet, although this zombie network is believed to be less capable and less feature-rich than Tequila.
Nevertheless, both botnets went offline by June 7, 2010, after their respective command and control servers were seized.
Trend Micro reveals that the striking part of these closures was that, while the plug on Mariachi was pulled by the hosting provider Bluehost, Tequila's more intricate control infrastructure was most probably taken down by the botnet's ex-master.
According to reports, the security firm, still keeping an eye on Tequila and Mariachi, said on June 10, 2010 that the command and control servers of both botnets were still inactive.
In the meantime, it is noteworthy that several botnets have been taken down by whitehats in the last few months, including Kneber, Zeus, Mariposa and PROXIEZ-NET. Mariposa's takedown in particular was regarded as a great success, as its network included around 12.7 million PCs.
» SPAMfighter News - 19-06-2010