Mariposa Botnets Could Control Cookies

A Slovenian man, who was lately arrested for supposedly writing the malware used to build the now-infamous Mariposa botnet, also sold an extra attribute of his bot software, a type of cookie scam known as "cookie-stuffing," as reported by The Register on August 26, 2010.

Cookie-stuffing illegally gains control over cookie files and the user doesn't even realize it. Cookie-staffing may lead to the stealing of millions of dollars regularly. In fact, nobody is capable of assessing the amount being stolen employing this practice, primarily as websites usually don't realize that theft is taking place.

Spanish people operated the Mariposa botnet and infected an approximate of 13 Million computers in more than 190 nations around the globe, harnessing account details, credit card details and banking credentials from social networking websites and other passwords and usernames and online e-mail services. The Slovenian man named 'Isredo' sold the software to the Spaniards, who did not buy a module (feature) for supposed cookie-stuffing.

Luis Carrons, Technical Director of PandaLabs, (which collaborated with Georgia Tech, FBI, and Defense Intelligence to destroy the botnet in December 2009) said that the Spaniards didn't purchase the module, as reported by The Register on August 26, 2010.

As per the security experts, this is somewhat strange because it is quite profitable form of cybercrime. This form is usually neglected but it is a lucrative form of cybercrime where a criminal fixes his own cookies upon legal cookies for affiliate marketing purposes. The Websites with affiliate programs pay a certain commission amount to those affiliates, like reward websites, for getting the customer traffic that eventually carry online transactions on the websites.

Luis Carrons further stated that the most appropriate clarification was that they were not even aware what it was all about. Otherwise they could have doubled the profit they were making.

As per the security experts, cookie-stuffing attacks have been known for many years. Luis stated that he had been monitoring it for more than one year, but it was not so simple to find a solution to this fraud. But luckily, the affiliate networks are known to this problem.

Related article: Mariposa Botnet Creators May Not Face Imprisonment

» SPAMfighter News - 9/1/2010