• IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here.

    The OTHER forum is HERE so please stop asking.

'Zombie' network smashed

yellow people

Alfrescian (Inf)
Asset
Tech and Science
Mar 3, 2010

'Zombie' network smashed

<!-- end left side bar -->
MARIPOSA-AP.jpg


Civil Guard Jose Antonio Berocal, in charge of Cybercrime, is seen during a news conference in Madrid as authorities smashed one of the world's biggest networks of virus-infected computers, a data vacuum that stole credit cards and online banking credentials from as many as 12.7 million poisoned PCs. -- PHOTO: AP


<!-- story content : start --> MADRID - SPANISH police said on Wednesday they and the FBI had smashed the world's biggest network of virus-infected computers, which hijacked over 13 million PCs, and arrested three people who ran the operation. The group hijacked the computers from individuals and firms from almost every country in the world, allowing them to steal credit card data, usernames and passwords, banking credentials and other information, they said.

'This is the biggest network of zombie computers ever discovered,' the head of a Spanish police unit specialised in tech crimes, Mr Jose Antonio Berrocal, told a news conference in Madrid. The so-called Mariposa network was first detected in May 2009 by private Canadian information security firm Defence Intelligence which alerted the FBI. It was shut down in December 2009. The three suspects who were detained are all Spanish nationals between the ages of 25 and 31. Police found personal data from over 800,000 computer users on the PC belonging the the suspected ringleader of the operation which was taken from his home in Spain's northern Basque region. -- AFP


 

yellow people

Alfrescian (Inf)
Asset
Authorities bust 3 in infection of 13M computers


Authorities bust 3 in infection of 13M computers


ap_logo_106.png
<script type="text/javascript"> if(!YAHOO){var YAHOO = {};} YAHOO.BuzzWidgetTries = 0; (function(){ if(YAHOO && YAHOO.util && YAHOO.util.Event && YAHOO.Media && YAHOO.Media.Buzz){ (function(){ var buzz = new YAHOO.Media.Buzz("buzz-top",{"sync":"buzz-bottom","countPosition":"after","fetchCount":false,"loc_strings":{"buzz_up":"Buzz up!","buzzed":"Buzzed!","one_vote":"{0} vote","n_votes":"{0} votes"}});buzz.onSuccess.subscribe(function(){ if(YAHOO.Updates){ YAHOO.Updates.Disclosure.showDialog({"container":"yup-container","source":"buzz","type":"buzzUp","lang":"en-US"}); } }); })();(function(){ var buzz = new YAHOO.Media.Buzz("buzz-bottom",{"sync":"buzz-top","countPosition":"after","fetchCount":true,"loc_strings":{"buzz_up":"Buzz up!","buzzed":"Buzzed!","one_vote":"{0} vote","n_votes":"{0} votes"}});buzz.onSuccess.subscribe(function(){ if(YAHOO.Updates){ YAHOO.Updates.Disclosure.showDialog({"container":"yup-container","source":"buzz","type":"buzzUp","lang":"en-US"}); } }); })(); } else if(YAHOO.BuzzWidgetTries < 10000) { YAHOO.BuzzWidgetTries += 500; setTimeout(arguments.callee, 500); } })(); </script> <!-- end: .tools -->
<!-- end: .hd --> <!-- end .related-media --> <cite class="vcard">
By JORDAN ROBERTSON, AP Technology Writer Jordan Robertson, Ap Technology Writer </cite> – <abbr title="2010-03-02T11:26:30-0800" class="timedate">Tue Mar 2, 2:26 pm ET

</abbr><abbr title="2010-03-02T11:26:30-0800" class="timedate"></abbr>
SAN FRANCISCO – Authorities have smashed one of the world's biggest networks of virus-infected computers, a data vacuum that stole credit cards and online banking credentials from as many as 12.7 million poisoned PCs. The "botnet" of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks, according to investigators.

Spanish investigators, working with private computer-security firms, have arrested the three alleged ringleaders of the so-called Mariposa botnet, which appeared in December 2008 and grew into one of the biggest weapons of cybercrime. More arrests are expected soon in other countries.
Spanish authorities have planned a news conference for Wednesday in Madrid.

The arrests are significant because the masterminds behind the biggest botnets aren't often taken down. And the story of investigators' hunt for them offers a rare glimpse at the tactics used to trace the origin of computer crimes. Also, the suspects go against the stereotype of genius programmers often associated with cyber crime. The suspects weren't brilliant hackers but had underworld contacts who helped them build and operate the botnet, Cesar Lorenza, a captain with Spain's Guardia Civil, which is investigating the case, told The Associated Press.

Investigators were examining bank records and seized computers to determine how much money the criminals made. "They're not like these people from the Russian mafia or Eastern European mafia who like to have sports cars and good watches and good suits — the most frightening thing is they are normal people who are earning a lot of money with cybercrime," Lorenza said. The three suspects were described as Spanish citizens with no criminal records. They weren't named and their mug shots weren't released, which Lorenza said is standard in Spain to protect the privacy of defendants. They face up to six years in prison if convicted of hacking charges.

Authorities identified them by their Internet handles and their ages: "netkairo," 31; "jonyloleante," 30; and "ostiator," 25. Botnets are networks of infected PCs that have been hijacked from their owners, often without their knowledge, and put into the control of criminals. Linked together, the machines supply an enormous amount of computing power to spammers, identity thieves, and Internet attackers. The Mariposa botnet, which has been dismantled, was easily one of the world's biggest. It spread to more than 190 countries, according to researchers.

It also appears to be far more sophisticated than the botnet that was used to hack into Google Inc. and other companies in the attack that led Google to threaten to pull out of China.
The researchers that helped take down Mariposa first started looking at it in the spring of 2009. Chris Davis, CEO of Ottawa-based Defence Intelligence, said he noticed the infections when they appeared on networks of some of his firm's clients, including pharmaceutical companies and banks. It wasn't until several months later that he realized the infections were part of something much bigger.

After seeing that some of the servers used to control computers in the botnet were located in Spain, Davis and researchers from the Georgia Tech Information Security Center joined with software firm Panda Security, which is headquartered in Bilbao, Spain. The investigators caught a few lucky breaks. For one, the suspects used Internet services that wound up cooperating with investigators. That isn't always the case. Critically, one suspect also made direct connections from his own computer to try and reclaim control of his botnet after authorities took it down around Christmas. Investigators were able to identify him based on that traffic.

They were able to back up their claims with records from domains he registered where he would eventually host malicious content.
It turned out that the botnet runners had infected computers by instant-messaging malicious links to contacts on infected computers. They also got viruses onto removable thumb drives and through peer-to-peer networks. The program used to create the botnet was known as Mariposa, from the Spanish word for "butterfly." "I don't think there's anything about this guy that makes him smarter than any of the other botnet guys, but the (Mariposa) software, it's very professional, it's very effective," said Pedro Bustamante, senior research adviser with Panda Security. "It came alive and started spreading and it got bigger than him."

While arrests of people accused of running smaller botnets are fairly common, the biggest botnet leaders are rarely nabbed. That's partly because it's easy for criminals to hide their identities by disguising the source of their Internet traffic. Often, every computing resource they use is stolen. For instance, there have been no busts yet in the spread of the Conficker worm, which infected 3 million to 12 million PCs running Microsoft Corp.'s Windows operating system and caused widespread fear that it could be used as a kind of Internet super weapon. The Conficker botnet is still active, but is closely watched by security researchers. The infected computers have so far been used to make money in ordinary ways, pumping out spam and spreading fake antivirus software.


 

yellow people

Alfrescian (Inf)
Asset
Botnet 'masterminds' busted

Botnet 'masterminds' busted

<!-- by line --> <!-- end by line --> <!-- end left side bar -->
chinacom-ap.jpg


The 'botnet' of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks, according to investigators. -- PHOTO: AP



 
Top