Breaking the Mariposa botnet (Q&A)
PandaLabs' Luis Corrons talks about the international effort that led to the arrest of three men and about what still needs to be done.
At its height, the Mariposa botnet consisted of about 13 million computers in 190 countries. A joint operation by researchers from Canadian security firm Defence Intelligence and Spain's PandaLabs, in conjunction with the FBI and the Guardia Civil, led to the arrest of three men in Spain earlier this month in connection with the Mariposa botnet.
The men, who had no specific computer training, are believed to have played a part in operating the command-and-control servers for the botnet, according to PandaLabs' technical director Luis Corrons, who spoke to ZDNet UK about Mariposa following the arrests.
When did security researchers start tracking the botnet?
Corrons: It started in May 2008. Defence Intelligence noticed companies were getting infected and found a new botnet, which was Mariposa. They started an investigation and found links to Spain. They found that some of the command-and-control servers were located in Spain.
Read more of "How the butterfly botnet was broken" at ZDNet UK.