2014-01-07
Abstract
Author of malware behind one of the world's largest botnets receives prison sentence.
Copyright © 2014 Virus Bulletin
One of the key players behind the Mariposa botnet has been sentenced to almost five years in prison for writing the original malicious code that was used to create the botnet.
The Mariposa botnet was discovered in May 2009 by researchers at Canadian security company Defence Intelligence and at its peak was believed to have infected 12.7 million computers worldwide. The botnet was taken down in March 2010 by Spanish authorities thanks to an investigative effort by the Mariposa Working Group – involving Defence Intelligence, Panda Security, Georgia Tech Information Security Center and other security experts. Three bot herders were arrested at the time of the takedown.
Slovenian virus writer Matjaž Škorjanc was arrested a couple of months later and has now been convicted by a regional Slovenian court of malware creation and money laundering, receiving a sentence of 58 months in prison as well as a fine of 3,000 euros. Škorjanc’s car and apartment – which were judged as having been purchased with proceeds from his crime – were also confiscated by the authorities.
Škorjanc was responsible for creating a malware starter pack – Rimecud – which he sold to other miscreants via underground forums, eventually selling the code to a gang calling themselves the DDP, or Días de Pesadilla, Team (which translates as ‘Nightmare Days Team’), who became the operators of the Mariposa botnet.
Prosecutors estimate that the damage caused by Mariposa ran into tens of millions of euros.
At VB2010, Panda Security’s Pedro Bustamante spoke about the takedown of the Mariposa botnet and the arrest of its operators. Slides from the presentation can be viewed at http://www.virusbtn.com/pdf/conference_slides/2010/Bustamante-VB2010.pdf.
