Mariposa Botnet Beheaded

northernboy and many other readers sent news of the beheading of the Mariposa botnet with three arrests in Spain. "Defense Intelligence of Ottawa working with ISPs and Spanish authorities have taken down yet another > 12M PC botnet, called Mariposa. The three top-level operators are in custody, but remain anonymous under Spanish law (how quaint: apparently in Spain, the accused have some right to privacy). AP is claiming that the botnet included systems in roughly half of the Fortune 1000 companies, scattered over 190 countries. Interesting details: none of the three principals has a prior criminal record. Although apparently hardworking, they are not uber-hackers, but rather had connections to the Spanish mafia, which apparently helped to equip them. At the time of arrest, they were not showing signs of their significant new income level. From the article: 'Chris Davis, CEO of Ottawa-based Defence Intelligence, said he noticed the infections when they appeared on networks of some of his firm's clients, including pharmaceutical companies and banks. It wasn't until several months later that he realized the infections were part of something much bigger. After seeing that some of the servers used to control computers in the botnet were located in Spain, Davis and researchers from the Georgia Tech Information Security Center joined with software firm Panda Security, which is headquartered in Bilbao, Spain. The investigators caught a few lucky breaks. For one, the suspects used Internet services that wound up cooperating with investigators. That isn't always the case.'"

Re:apparently in Spain, the accused have privacy

[realityimpaired]

In both the USA and Canada, you're allowed to publish the names of the accused as long as they're adults. The accused need to request that the court protect their anonymity by ordering that their names not be published until after the trial, and the court maintains the right to deny that request.

For juvenile offenders, it's a different story... young offenders must always be referred to by pseudonym to protect their anonymity, and their records are expunged when they turn 18. Unless, of course, they're tried as adults, which has been known to happen in cases of violent crime.

W32.Pilleuz

[sleekware]

Discovered: September 29, 2009
Updated: September 30, 2009 8:32:32 AM
Also Known As: W32/Autorun.worm!a758e0e7 [McAfee], W32/Rimecud [McAfee], W32/Autorun-AUP [Sophos], ButterflyBot.A [Panda Software]
Type: Worm
Infection Length: 109,056 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

W32.Pilleuz is a worm that spreads through file-sharing programs, Microsoft instant messaging clients and removable drives. It also opens a back door on the compromised computer.

Currently, W32.Pilleuz has been most commonly referred to as the Mariposa or Butterfly botnet.

Source: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99 [symantec.com]

Nothing quaint to privacy

[Anonymous Coward]

Some justice systems emphasise correction instead of simple eye for an eye. Even if you make grave missteps, once attoned for you should get a chance to show you've bettered yourself. Too many people will assume ``once a crook, always a crook'', and while not infrequently true, this isn't always the case. If only just for those few people who do better themselves privacy WRT criminal justice is a good thing. Think about it.

There's more: In some countries (eg Spain) the justice system is rooted in the royal prerogative to administer justice, thus criminal justice cases are necessairily crown vs. accused, and therefore the rest of the populace has in principle no need to know the name of the accused. You could argue that for certain cases there would be a legitimate interest or need for the public to know, but that's another discussion and doesn't apply here.

Re:apparently in Spain, the accused have privacy

[julesh]

Of course, we are talking about botnet script-kiddies after all, so whose to say these upstanding individuals aren't actually minors as well?

The Cnet [cnet.com] article provides their ages, which range from 25 to 31.

Re:apparently in Spain, the accused have privacy

[Culture20]

In the U.S. press, it would be portrayed as:
"Three alleged EVIL HACKERS were arrested today for allegedly HACKING MILLIONS OF COMPUTERS! ZOMG!" And then they'd go to the person's home, and knock on the door. If no one answered, that would be taken as damning evidence by the reporter. If a family member came to the door but said the accused wasn't there, that would be taken as damning evidence by the reporter. If the accused were seen and questioned, but said they couldn't comment on the case, that would be taken as damning evidence by the reporter. If a dog farted, that would be taken as damning evidence by the reporter...
allegedly

Re:apparently in Spain, the accused have privacy

[thesaintar]

In Argentina this is the case too, when the media is present, arrested individuals have their faces covered off by the police in order to safeguard their identities

Re:Another...

[NormalVisual]

Did you not read the parent's comment about having ports opened on request before you decided to start flinging the ad homs? The vast majority of home users don't grab their mail from remote servers via POP or IMAP (POP is on port 110, not 25, BTW), and the vast majority of Yahoo and Google mail is delivered via their web interface.

Jesus Christ, use a little bit of critical thought before nerdraging.

Re:Why is it so hard?

[Alioth]

The spamvertisers are *already* advertising and selling products illegally, such as prescription drugs without a prescription, ripped off merchandise, unauthorized copies of proprietary software etc. You don't need to make any new rules, just prosecute the spamvertisers for the laws they already break. The reason these businesses are using spammers to advertise is precisely because what they are doing is already illegal and therefore they cannot use the normal legal advertising channels to hawk their wares.