Monday, September 28, 2009

Mariposa, the new botnet



50 of the world’s Fortune 100 companies are actively participating in this new botnet named Mariposa, discovered by Defense Intelligence in May 2009.

- 70 variants
- Appears to be derived from the Butterfly bot kit
- The Butterfly bot kit uses 3 methods for propagation: MSN, USB, and P2P
- Features: password stealing, email harvesting, DDoS, browser password harvesting, etc.
- Detection: check your DNS records for queries to "butterfly.sinip.es" or to domains containing "butterfly"
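
One way to run the DNS check from the last bullet over resolver logs, as an added example that is not part of the original post. It assumes BIND-style query log lines; the sample lines, client addresses and the `example.*` names are constructed.

```python
import re
from collections import defaultdict

# Indicators from the post: the exact host and the "butterfly" substring.
EXACT_HOST = "butterfly.sinip.es"
SUBSTRING = "butterfly"

# Assumed log shape: "... client <ip>#<port>...: query: <name> IN <type> ..."
QUERY_RE = re.compile(
    r"client\s+(?:@\S+\s+)?(?P<client>[0-9A-Fa-f.:]+)#\d+.*?"
    r"query:\s+(?P<name>\S+)\s+IN\s"
)

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.rstrip(".").lower()

def classify(name):
    """Return 'exact', 'substring', or None for a queried name."""
    n = normalize(name)
    if n == EXACT_HOST or n.endswith("." + EXACT_HOST):
        return "exact"
    if SUBSTRING in n:
        return "substring"  # weaker lead: may be an unrelated domain
    return None

def scan(lines):
    """Map each querying client to the matching names it asked for."""
    hits = defaultdict(dict)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line, or a format this regex does not cover
        kind = classify(m.group("name"))
        if kind:
            hits[m.group("client")][normalize(m.group("name"))] = kind
    return dict(hits)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "28-Sep-2009 10:15:01.123 client 10.0.0.5#51234: query: Butterfly.SINIP.es. IN A +",
    "28-Sep-2009 10:15:02.456 client 10.0.0.7#40112: query: www.example.com IN A +",
    "28-Sep-2009 10:15:03.789 client 10.0.0.9#33120: query: butterfly.example.net IN A +",
    "28-Sep-2009 10:15:04.000 client 10.0.0.5#51240: query: butterfly.sinip.es IN A +",
    "28-Sep-2009 10:15:05.000 zone transfer started",
]

if __name__ == "__main__":
    for client, names in sorted(scan(SAMPLE_LOG).items()):
        for name, kind in sorted(names.items()):
            print(f"{client}\t{kind}\t{name}")
```

Clients with an `exact` hit are the ones to triage first; `substring` hits need a manual look at the queried domain.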

Updated:
- Several antivirus vendors claim that this malware is not new and that they are already detecting it.


- Wireshark plugin for obfuscated Mariposa traffic.
