7/29/2010
11:28 AM

Mariposa Botnet Creator Arrested

Developer of the malware, used to create almost 10,000 unique pieces of malicious software, was busted in Slovenia.

The FBI announced that as part of a two-year, cross-border investigation into the Mariposa botnet, authorities in Slovenia last week arrested a Slovenian citizen and charged him with being the botnet's creator. The suspect, a 23-year-old known as "Iserdo," has not been named. He is currently free on bail.

"As opposed to arresting the guy who broke into your home, we've arrested the guy that gave him the crowbar, the map, and the best houses in the neighborhood. And that is a huge break in the investigation of cyber crimes," said Jeffrey Troy, deputy assistant director for the FBI's cyber division, in a statement.

Over the course of two years, the FBI has been working with authorities in both Slovenia and Spain. That collaboration likewise led to the arrest earlier this year of three suspected Mariposa botnet operators, responsible for renting the botnet to customers in different countries, with the largest uptake occurring in Spain. The suspects have been named by authorities only by their handles: "Netkairo," "Jonyloleante," and "Ostiator." All three are currently being prosecuted in Spain.

Mariposa, which was active from 2008 until earlier this year, when it was finally shut down, stole website passwords and financial information, including people's credit card and bank account data, and also served as a platform for launching denial-of-service and malware attacks. Security experts say that as many as 13 million PCs may have been infected by the botnet.

According to Panda Security in Spain, which, together with Canada's Defence Intelligence, helped investigators uncover the identities of Mariposa's creator and operators, Mariposa sold online for between $650 and $2,000. Attackers used it to create almost 10,000 unique pieces of malicious software and over 700 separate botnets, ultimately stealing financial data from people in more than 200 countries.

Successful financial botnets, such as Zeus, often seem to feature a clear division of labor between the software's authors, who focus on refining the toolkit; the distributors, who rent it out; and the buyers, who actually use it to launch attacks.

"What's exciting about these arrests is that it's the first time that the authors have been targeted. Typically, the operators of the botnets are caught, but it's extremely rare to have caught the author of the build kit behind the botnet," said Christopher Davis, CEO of Defence Intelligence, in a statement.
