
Mariposa Botnet Beheaded

northernboy and many other readers sent news of the beheading of the Mariposa botnet with three arrests in Spain. "Defense Intelligence of Ottawa working with ISPs and Spanish authorities have taken down yet another > 12M PC botnet, called Mariposa. The three top-level operators are in custody, but remain anonymous under Spanish law (how quaint: apparently in Spain, the accused have some right to privacy). AP is claiming that the botnet included systems in roughly half of the Fortune 1000 companies, scattered over 190 countries. Interesting details: none of the three principals has a prior criminal record. Although apparently hardworking, they are not uber-hackers, but rather had connections to the Spanish mafia, which apparently helped to equip them. At the time of arrest, they were not showing signs of their significant new income level. From the article: 'Chris Davis, CEO of Ottawa-based Defence Intelligence, said he noticed the infections when they appeared on networks of some of his firm's clients, including pharmaceutical companies and banks. It wasn't until several months later that he realized the infections were part of something much bigger. After seeing that some of the servers used to control computers in the botnet were located in Spain, Davis and researchers from the Georgia Tech Information Security Center joined with software firm Panda Security, which is headquartered in Bilbao, Spain. The investigators caught a few lucky breaks. For one, the suspects used Internet services that wound up cooperating with investigators. That isn't always the case.'"
  • by captainpanic ( 1173915 ) on Wednesday March 03, 2010 @09:30AM (#31344370)

    From TFA:

    how quaint: apparently in Spain, the accused have some right to privacy

    That's because in Spain you're not guilty until proven guilty by a court of law. The days of the Spanish inquisition are over.

    What country doesn't protect its accused in the 21st century?

  • by bsDaemon ( 87307 ) on Wednesday March 03, 2010 @09:32AM (#31344394)
    In the US at least, the names of the accused are only withheld in the case where the perp is a minor. Of course, we are talking about botnet script-kiddies after all, so who's to say these upstanding individuals aren't actually minors as well?
  • isp's cooperating (Score:4, Insightful)

    by grapeape ( 137008 ) <mpope7@kc.r r . com> on Wednesday March 03, 2010 @09:32AM (#31344400) Homepage

    Great that another one went down, but the line about catching a lucky break was disturbing. ISPs don't normally cooperate when told they are harboring botnets? Isn't not cooperating pretty much the same as supporting it? Why not just publicly list them and black hole them? I would imagine it wouldn't take much of that to get them to want to cooperate.

  • Like the drug war (Score:3, Insightful)

    by tjstork ( 137384 ) <todd DOT bandrowsky AT gmail DOT com> on Wednesday March 03, 2010 @09:34AM (#31344406) Homepage Journal

    All these stories remind me of the war on drugs. Every so often, the government nabs a big drug gang, and they have some impressive sounding stats and a PR photo with as much loot spread out as possible ("this cache had a street value of 8 billion dollars"), with of course all the guns and other stuff lined up, and, yet, the price of drugs on the street continues to fall, people are still running out of emergency rooms with IVs inserted so they can mainline... the whole sorry truth is that you can't expect the gov't to really defend your computer any more than it can defend your house.

  • by Anonymous Coward on Wednesday March 03, 2010 @09:46AM (#31344572)

    The USA. There, the theory goes (according to some US expat) that it's more important to keep the police accountable (by having them keep a log about every significant interaction with the general population, incl. the names of all involved).

    In theory, that's a good thing - but only if the average citizen understands the difference between "appeared on the police's books" and "guilty".

  • by Anonymous Coward on Wednesday March 03, 2010 @09:46AM (#31344578)

    For the same reason you don't want ISPs to cooperate with the RIAA.

    Because someone says an IP address is doing something they consider bad, doesn't mean the ISP should automatically jump. Yes, in this particular case it sucks, but if you want privacy you have to take the downside with the upside.

  • Re:Dumb Criminals (Score:3, Insightful)

    by CrazyBusError ( 530694 ) on Wednesday March 03, 2010 @09:53AM (#31344654) Homepage
    "If I ever had to 'go rouge' I feel that I could last for years just off of common sense alone by using different public computers in a place with no cameras."

    You'd probably still be caught red-handed, though...
  • by stiggle ( 649614 ) on Wednesday March 03, 2010 @09:57AM (#31344690)

    Keeping those accused anonymous to the public until the conviction helps prevent jury prejudice from what they see in the media.

    How can you expect a jury not to be influenced by what they see in the media before they sit for the trial?

  • by Nos. ( 179609 ) <andrew@th[ ]rrs.ca ['eke' in gap]> on Wednesday March 03, 2010 @10:00AM (#31344740) Homepage

    It's called privacy. I for one am glad that both major ISPs in the area have publicly stated that they don't give out any information without a warrant.

  • by Archon-X ( 264195 ) on Wednesday March 03, 2010 @10:01AM (#31344752)

    'How quaint' that you're innocent until proven guilty?
    Am I the only one that is getting tired more and more frequently by juvenile editorial quips?

    I used to come here for impartial, to the minute news - neither of which seem to exist in any great quantity anymore.

  • by Anonymous Coward on Wednesday March 03, 2010 @10:12AM (#31344882)

    So you prefer being arrested and imprisoned without the public or anyone else being aware of it. Law enforcement transparency is the first defense against tyranny.

  • Why is it so hard? (Score:4, Insightful)

    by JustNiz ( 692889 ) on Wednesday March 03, 2010 @10:25AM (#31345058)

    Why is it so hard to dismantle a botnet? Rather than find the botnet owners by technical means, surely all they need to do is determine who are the businesses being advertised via spam from the botnet, and get them to spill who they did their advertising deal with.
    I mean the advert always has to specify somewhere to send your money right?

    It seems to me that if they made it as illegal to be a 'spamvertiser' as it is to be a botnet operator, and actually enforced it with prosecutions, I bet the whole botnet and spam thing generally would stop happening due to a lack of businesses willing to pay to use that method for advertising.

  • by ConceptJunkie ( 24823 ) on Wednesday March 03, 2010 @10:26AM (#31345080) Homepage Journal

    The most common things people do when they are witnesses to someone committing an illegal activity is re-elect him.

  • by Anonymous Coward on Wednesday March 03, 2010 @10:28AM (#31345108)

    For the accused? None. It means that, for example, if a girl wants to screw a guy over for the rest of his life she just has to accuse him of rape. The newspapers will publish his name as a suspected rapist and his name is tarnished for the rest of his life, even if he's ultimately exonerated.

    For the newspapers? It sells newspapers and makes them more money. It's a seriously fucked up system. But unfortunately, it's one that's enshrined in that simple concept of freedom of the press: that the press can publish whatever they want as long as it is not a lie. As long as they use the words "accused" and "alleged", they can get away with it. I'd much rather live in a system where the name of the accused is considered private and not published until they are found guilty.

  • Re:Another... (Score:5, Insightful)

    by entrigant ( 233266 ) on Wednesday March 03, 2010 @10:31AM (#31345148)

    What the hell is wrong with you two? The only situation I can find this even remotely acceptable is in response to verified abuse complaints, and even then the appropriate resolution is to attempt to contact the customer, then disable the entire connection if the customer is unable to resolve the issue. Depending on the severity you don't necessarily need to do it in that order.

    I'm leasing an internet connection. You route IP packets destined for my address directly to me, and you route any and every IP packet I send to the appropriate next hop. The end. No ifs, ands or buts. No blocked ports, no traffic shaping, no injected TCP resets... nothing. Just route the damn traffic.

  • by Archon-X ( 264195 ) on Wednesday March 03, 2010 @11:38AM (#31346096)

    Which is done, of course, with the understanding that these people are again innocent as they have not been proven otherwise. Since they are innocent, there is nothing for them to be embarrassed about, and no reason not to publish their names.

    Unless they stand accused of something embarrassing, like: rape, paedophilia, fraud, beating up grandmas, etc.

  • I've heard of this group before. They are one of the few who actually understand what really needs to be done to make an impact on the spamming epidemic. Rather than building enormous black/white lists or developing ever more CPU-intense filtering algorithms, they are actually going after the sources. They identify where spam is actually originating - that is, the spamvertising domains, not the spamvertised domains - and figure out how to shut it down. They are finding where the botnets and their requisite domains can be targeted and getting the work done. And they are doing it within the confines of a civilized society, rather than as the bloodthirsty mercenaries that so many people here are calling for regularly.
  • Re:Another... (Score:3, Insightful)

    by thePowerOfGrayskull ( 905905 ) <marc...paradise@@@gmail...com> on Wednesday March 03, 2010 @01:50PM (#31347938) Homepage Journal

    SMTP - home users should only be able to connect to port 25 on their ISPs mail server. I don't really understand why egress filtering like this isn't being done as a routine course of business these days.

    Probably because of a large number of other email options out there, which offer SMTP and POP3 and aren't connected to the ISP. GMail for example...
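
    An added example, not from the thread or any of its posters: a small Python check that, given constructed flow records and an assumed ISP relay address, flags hosts opening SMTP directly to several remote mail servers (the bot-like traffic the port-25 egress filter above would stop) and renders the matching iptables rules.

```python
# Added example (not from the Slashdot thread): flag hosts on an ISP access
# network that open outbound TCP/25 to anything other than the ISP's own
# mail relay. Direct-to-MX traffic from consumer hosts is a classic symptom
# of a spam bot and is exactly what a port-25 egress filter blocks.
from collections import defaultdict

ISP_MAIL_RELAY = "203.0.113.25"   # assumed relay address (documentation range)

# Constructed NetFlow-style records: src dst proto dst_port packets
SAMPLE_FLOWS = """\
10.0.0.12 203.0.113.25 tcp 25 14
10.0.0.12 198.51.100.7 tcp 443 90
10.0.0.44 192.0.2.10 tcp 25 3
10.0.0.44 192.0.2.11 tcp 25 3
10.0.0.44 192.0.2.12 tcp 25 2
10.0.0.44 203.0.113.25 tcp 25 1
10.0.0.77 198.51.100.9 udp 53 2
"""

def parse_flows(text):
    """Yield (src, dst, proto, dport) tuples from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        yield parts[0], parts[1], parts[2], int(parts[3])

def direct_to_mx_hosts(text, relay=ISP_MAIL_RELAY, threshold=2):
    """Return {src: sorted non-relay SMTP destinations} for every source that
    contacted at least `threshold` distinct non-relay hosts on TCP/25."""
    dests = defaultdict(set)
    for src, dst, proto, dport in parse_flows(text):
        if proto == "tcp" and dport == 25 and dst != relay:
            dests[src].add(dst)
    return {src: sorted(d) for src, d in dests.items() if len(d) >= threshold}

def egress_rules(relay=ISP_MAIL_RELAY):
    """Render the iptables rules implementing the filter the comment proposes:
    allow TCP/25 to the ISP relay, drop TCP/25 to everything else."""
    return [
        f"iptables -A OUTPUT -p tcp --dport 25 -d {relay} -j ACCEPT",
        "iptables -A OUTPUT -p tcp --dport 25 -j DROP",
    ]

if __name__ == "__main__":
    for src, dsts in direct_to_mx_hosts(SAMPLE_FLOWS).items():
        print(f"{src} opened SMTP to {len(dsts)} non-relay hosts: {dsts}")
    print("\n".join(egress_rules()))
```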

  • by BlueParrot ( 965239 ) on Wednesday March 03, 2010 @03:45PM (#31349344)

    I used to come here for impartial, to the minute news

    When you find a source of that, will you ask them if they can give me a pony unicorn? Preferably a pink one that flies.
