India tops countries affected by Mariposa botnet

11 Mar 10

After the recent worldwide shutdown of the Mariposa botnet, a joint operation by Panda Security, Defence Intelligence, the FBI and the Spanish Guardia Civil, resulted in three arrests. It was discovered that the massive botnet had infected 13 million computers in 190 countries and 31,901 cities.

According to Luis Corrons, technical director of PandaLabs, “The highest infection ratios are found in countries where computer security education is not a priority. However, in countries where computer security awareness campaigns have been run over the last few years, like the United States, Germany, UK or Japan, the number of infections has been much less.”

The cities most affected have been Seoul (5.36 per cent of compromised IP addresses), Mumbai (4.45 per cent), New Delhi (4.27 per cent), Bangalore (1.39 per cent), Madras (Chennai) 1.11 per cent and Hyderabad 0.82 per cent. As for countries, the ranking is headed by India (19.14% of all infections), followed by Mexico (with 12.85%) and Brazil (7.74%).

“The coordinated effort of all the parties involved in the Mariposa Working Group led to the worldwide shutdown of the Mariposa botnet on December 23 at 5:00 PM (GMT +1). On that date, we seized control of the communication channels used by Mariposa, effectively severing the botnet from its criminal creators and redirecting all request to a server controlled by us. It was then that we realized the huge number of IP addresses controlled by the bot, almost 13 million, and found out about the high number of affected countries and cities. The compromised IP addresses include both personal and corporate computers," Corrons added.

The Georgia Institute of Technology has plotted the progress of the Mariposa Botnet David Dagon, Ph.D. Candidate at the Georgia Institute of Technology, said, “I think a remarkable aspect of this botnet is that it reverses the normal expectations about infections. Usually, the press tells us that 'eastern' botmasters are attacking 'western' victims. (E.g., Russian botmasters and US/EU victims.) In Mariposa, we tend to see the opposite: some botmasters in the west, and victims in the east. The lesson learned is: We all face a common threat.”

Get the latest stories first with info4security's newsletters: Click to signup

Post and bookmark this story at the following sites:

What is this?

del.icio.us	Digg	Reddit	Google	Newsvine