50 of the world’s Fortune 100 companies are actively participating in this new botnet named Mariposa, discovered by Defense Intelligence on May 2009.
- 70 variants
- Seems to be driven from butterfly bot kit
- Butterfly bot kit uses 3 methods for propagation: MSN, USB, and P2P
- Features: password stealing, email harvesting, DDOS, browser password harvesting, ....
- Detection: check your DNS records for queries to "butterfly.sinip.es" or domains contains "butterfly"
- Several Anti-Virus vendors claim that this malware is not a new one and they are already detecting it.
- Wireshark plugin for obfuscated Mariposa traffic.