Despite Shutdown Mariposa Botnet Seems Active

Security researchers have claimed that although the Mariposa botnet was taken down during March 2010, it's still running active.

Highlights Threat Researcher Haroon Malik at the FireEye malware Intelligence Lab, a few Mariposa C&C (command-and-control) servers are continuing to run and they are also proliferating. The researcher, on his blog on FireEye, also displays the functioning of the Mariposa through a picture of the network. As per it, the Mariposa got an instruction to proliferate via USB drives. Blog.fireeye.com reported this on June 18, 2010.

Writes Malik, apparently Spanish police failed to catch the whole gang behind Mariposa or else the C&C servers of the botnet have an auto-pilot mode of some sort.

While this may appear slightly difficult to understand for some people, in reality it is not that difficult. According to a simple procedure, the C&C can be programmed to regularly alter the commands. Consequently, a vital lesson comes to home regarding closing of prominent botnets. Evidently, despite the arrest of the bot controllers, the C&C must still be taken down. If that's not done, the system will continue to exist, survive, proliferate and do damage.

In the meantime, it is worth noting that security readers interested in contents related to the Internet are intensely remarking about Malik's speculation. Says one, the name Mariposa was given to a specific botnet, which employed the Butterfly bot badware. The botnet Malik notes is certainly Butterfly bot network, but it isn't Mariposa. The commentator finally writes that he thinks the nameless botnet which Malik is describing in his blog may be larger compared to what Mariposa actually was. Securecomputing.net.au reported this on June 24, 2010.

Remarking about the same subject, Luis Corrons, Technical Director at PandaLabs stated that there wasn't any specific specimen of the Mariposa badware with him. However, he articulated regarding the rumors surrounding the Butterfly bot program. According to him, the particular instruction that Malik mentioned was utilized in the Butterfly bot's previous variants that the gang used, not within those which the gang was currently using at the time of its arrest. SCMagazineUK.com published this on June 22, 2010.

Related article: Deceptive Grum Worm Lies on IE7 Beta Download

» SPAMfighter News - 7/3/2010