Mariposa Resurrecting; Reports Trend Micro

Researchers at Trend Micro the security company caution that 'Mariposa,' which at one time was a greatest botnet worldwide, is gradually reviving to its earlier form.

The name Mariposa was so given to one specific network of bots that during its peak activity, it consisted of a massive 12m contaminated PCs scattered over 190 countries.

The PC-worm based on which the botnet was built is known as Rimecud or Palevo and it spreads by employing various techniques like pasting its replica onto network shares and detachable devices, abusing Windows security flaws, and dispatching itself via P2P file sharing software and Instant Messages.

It was during March 2010 that Mariposa was shutdown when Spanish officials arrested the main herder of the bots along with his dual associates.

Thereafter during July 2010, the Crime Police of Slovenia detained another person doubted as the main Palevo creator.

Ever-since these incidences, there was a steep fall registered in the worm's operations, nevertheless, the malicious program since then is gradually gaining hold.

Discloses the security company, it found the Rimecud worm raise its activity towards Q4-2010 end. It (Trend Micro) also verified from abuse.ch the website that popularly tracks exploitation for determining whether there was any working command-and-control (C&S) server of Mariposa and so found the servers ranging from 100-120.

State the researchers that they examined the worm's modified versions due to which Rimecud's activity was on as well as discovered that albeit presently circulating in the wild, the variants were a little different from their earlier editions, while the core functions continued as before. Net-security.org published this on May 26, 2011.

Moreover, the security company underscores that WORM_PALEVO which's one modularized bot is chiefly utilized for launching DDoS assaults as well as to pull down more malicious programs. Being a bot to execute commercial activity, Palevo's modules in varied sections are for sale if the bot-accumulators wish to add things like browser hijacking or monitoring, propagation, inundating or taking down regulars to their developments, or cookie stuffing. Worryingly, while the bots receive commands and send data to their C&C servers, they utilize User Datagram Protocol that's undetectable to firewalls.

Related article: Mariposa Botnet Creators May Not Face Imprisonment

» SPAMfighter News - 6/6/2011