Trend Micro Tracks Down Tequila Botnet’s Creator

Researchers at Trend Micro the IT security company have been putting great effort to find a certain criminal, the person behind Tequila botnet whom they've named Mr. L. State the researchers, the person profusely exploited harmless Web-surfers, mainly belonging to Mexico and Chile. Moreover, as per latest discoveries, Mr. L continues with his traditional tactics related to data theft and money usurping. Trendmicro.com reported this in news on March 21, 2011.

The security company, which conducted one analysis, discovered that particular phrases were repeatedly used within the script utilized for deploying the Tequila bot and as a result they got vital evidence towards tracking the threat. Incidentally, the Tequila creator, within a web-page, disclosed hosted services that consisted of e-mail id, name and telephone number, and this served as a clue while the researchers recorded the page. Diarioti.com published this on March 23, 2011.

Actually, it was during May 2010 when the attacks started wherein a few Mexican Internet surfers got an e-mail depicting fake details about a 4-year-old mother's nude images. The attackers used this lure for attracting people's notice and entrapping them into taking down and executing malware through a cunningly crafted website. Diarioti.com published this.

Moreover, during June 2010, it was posted on trendmicro.com that it was possible for botnet Tequila to pull down applications like FAKEAV and the information stealing ZBot Trojan from different malevolent websites, either through FTP or HTTP. Also, the Tequila couldn't just be found on malevolent URLs, but also through MSN Messenger and USB devices. Furthermore, the botnet dispatched e-mails, which delivered its own payload through attachments alternatively web-links, which led onto the bot.

Meanwhile, the identification of the first botnet was at Trend Micro that was followed with the identifications of Tequila, Mariachi, Alebrije and Mehika botnets, which are called family Botnet PHP. Diarioti.com reported this.

Nonetheless, during the 2nd-week of March 2011, Trend Micro found one active C&C (command-and-control) server along with more crime tools of which one used the CrimePack attack kit in a tailored edition, an exercise which Mr. L practiced using his earlier bot-networks. Trendmicro.com published this.

Related article: Trend Micro Detects Spam Mail Declaring World War III

» SPAMfighter News - 4/2/2011