Report: Over 13 Million Users in 190 Countries And 31,901 Cities Affected By Mariposa Botnet

India, Mexico, Brazil and Korea hardest hit by massive attack

Dark Reading Staff, Dark Reading

March 10, 2010


ORLANDO, Fla., Mar. 10, 2010 -- Following the worldwide shutdown of the Mariposa botnet last week, Panda Security reported today that the massive botnet had infected 13 million computers in 190 countries and 31,901 cities. The takedown was the result of a collaborative operation spearheaded by Panda Security, Defence Intelligence, the FBI and Spanish Guardia Civil, resulting in three arrests.

According to Luis Corrons, Technical Director of PandaLabs, "The highest infection ratios are found in countries where computer security education is not a priority. However, in countries where cyber security awareness campaigns have been prioritized over the last few years, like the United States, Germany, UK and Japan, the number of infections was significantly lower."

The cities most affected by Mariposa were Seoul (5.36 percent of compromised IP addresses), Bombay (4.45 percent) and New Delhi (4.27 percent).

When looking at the infection rate by country, India leads the ranking (19.14 percent of all infections), followed by Mexico (with 12.85 percent) and Brazil (7.74 percent). The U.S. ranked 20th out of the 190 countries where computers were infected (with 1.05 percent).

An image of the Mariposa infection breakdown by country can be found here.

"The coordinated effort of all Mariposa Working Group members led to the worldwide shutdown of the Mariposa botnet on December 23 at 11:00am ET. On that date, we seized control of the communication channels used by Mariposa, effectively severing the botnet from its criminal creators and redirecting all requests to a server controlled by us. At that time we realized the huge number of IP addresses controlled by the bot, almost 13 million, and determined the astonishing number of affected countries and cities. The compromised IP addresses include personal, government and corporate computers," explains Corrons.

An image of the global infection map can be found here.

The Georgia Institute of Technology has plotted the progress of the Mariposa Botnet in an animation available at http://fritz.cc.gt.atl.ga.us/mariposa/mariposa_major_victim_areas.avi. According to David Dagon, Ph.D. Candidate at the Georgia Institute of Technology, "I think a remarkable aspect of this botnet is that it reverses the normal expectations about infections. Usually, the press tells us that 'eastern' botmasters are attacking 'western' victims. In Mariposa's case, we tend to see the opposite: some botmasters in the west, and victims in the east. The lesson learned is that we all face a common threat."

Panda Security recommends that all users, home users and companies alike, perform an in-depth scan of their computers to make sure they are not infected by the Mariposa bot. Individuals and businesses can do so by using the company's free online scanner Panda ActiveScan or downloading its free cloud-based antivirus service Panda Cloud Antivirus from www.cloudantivirus.com.

About Panda Security

Founded in 1990, Panda Security is the world's leading provider of cloud-based security solutions with products available in more than 23 languages and millions of users located in 195 countries around the world. Panda Security was the first IT security company to harness the power of cloud computing with its Collective Intelligence technology. This innovative security model can automatically analyze and classify thousands of new malware samples per day, guaranteeing corporate customers and home users the most effective protection against Internet threats with minimum impact on PC performance. Panda Security has 56 offices throughout the globe with US headquarters in Florida and European headquarters in Spain.

Panda Security collaborates with Special Olympics, WWF and Invest for Children as part of its Corporate Social Responsibility policy.

For more information, visit http://www.pandasecurity.com/.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.
