back to article How FBI, police busted massive botnet

More details have emerged about a cybercrime investigation that led to the takedown of a botnet containing 12m zombie PCs and the arrest of three alleged kingpins who built and ran it. As previously reported, the Mariposa botnet was principally geared towards stealing online login credentials for banks, email services and the …


This topic is closed for new posts.
  1. Anonymous Coward

    You lost me... bonnet. Who was wearing the bonnet?!

    1. Rob

      Afternoon tea, you know the rules...

      ... a decent one please, no cheap rubbish ;)

      (Thankfully avoided the screen)

    2. TeeCee Gold badge

      Overreaction at El Reg?

      I suspect that this is an unfortunate result of our repeated complaints about the creeping use of American Engrish around here and some automated checks for same.

      Obviously whoever it was was actually wearing a hood.....

  2. Alex Walsh


    "The malware infected an estimated 12.7 million computers in more than 190 countries."

    Given there are only 196 countries in the world and several in Africa with dubious internet connectivity, this is pretty impressive.

  3. Graham Marsden

    Ok, but...

    ... what have the Police done (if anything) to inform the owners of those 12 million computers that their systems have been compromised?

  4. Yet Another Anonymous coward Silver badge

    More than 190 countries

    Are there more than 190 countries?

    Especially ones with enough computers and internet connections for a botnet

    1. Anonymous Coward
      Anonymous Coward

      There are 246 territories in the world

      with a two-letter country suffix according to the ISO's 3166 standard. See

  5. Steve X
    Thumb Up

    12.7m ?

    Great. Fine them $100 per PC for the cleanup, and if they can't come up with the cash they stay in jail until they've cleaned or re-installed every single PC they used.

    1. Mr_Pitiful

      Call me in

      I'll remove any computer malware/spyware

      Who You Gonna Call.........Healthy Solutions (uk) 07561 566071

      I'd just love to solve this problem

      This might actually put me on a map some place

      Wooo Hooo

      I'm in the Money, I'm in the Money

      Might be time for my meds

      1. chr0m4t1c

        Never mind that

        "Might be time for my meds"

        Might be time to change your phone number,

        You're gonna get so many spam texts and marketing calls your head will spin.

        1. Anonymous Coward
          Anonymous Coward

          Don't you love google...

          and has he sold his 1996 Ford Galaxy on eBay yet?

  6. Robert Carnegie Silver badge

    Yes - imagining Spanish (speaking) villains in butterfly bonnets

    I suppose you meant "Mariposa (Spanish for butterfly) botnet malware".

    Not "bonnet".

  7. Chris Miller


    Certainly means 'butterfly', but it can also be used to mean a homosexual man.

    De nada.

  8. Anonymous Coward
    Thumb Up

    The way of the future

    ... is not to just shut down the botnets. Rather, it's going after the criminals themselves (as the FBI and the Benemérita have done here) and making them serve some hard time. They'll put a dent in the problem when botherders are made to serve as much time as some US crackers and phreakers got in the 1990s.

  9. Anonymous Coward
    Anonymous Coward

    "12m machines run by 3 admins"

    I wonder if any of them are looking for a job?

    @Yet Another Anonymous coward: There are about 200 countries depending on your definition of country / political allegiance. If you're not USAian, "What do they teach in schools these days?". If you're USAian,we already know...

    1. ratfox Silver badge

      Actually, it is a fair comment

      Sure, there are over 200 countries in the world, but I would have guessed that a third of them did not have much computer infrastructure...

      So more than 190 countries really means that the botnet infiltrated computers almost everywhere.

      1. Steve Roper

        To be precise

        There are currently 239 UN-recognised countries. Although some are "dependencies" or "autonomous territories" etc, they still count as separate countries. We have the complete list on our database at work for use on our commercial websites, when we need to create a select box list for purchasers to select which country they live in.

        So "more than 190 countries" is well within the bounds of feasibility, yet it is a monumental achievement nonetheless, since it represents more than 79% of them! (We can assume the remaining < 21% or < 49 countries that weren't infected don't have much in the way of internet access...)

        Still, I can't go without saying - monumental achievement or not - string the bastards up!

  10. Anonymous Coward
    Anonymous Coward

    bit harsh

    surely they did have pretty good hacking skills to make a botnet that big??

    1. Apocalypse Later

      I must be a clever electronics engineer

      Look at this PC I assembled.

    2. Marty


      its just installing bits of software and publishing a few websites.....

      the really hard work is done by the fools who really think that clicking on that link will make them a million dollars, or their dick 20% bigger

      you can go further and blame Microsoft (and why not lol) if they didn't make an OS simple enough for the great unwashed to get online, there would be less fools online that actually click the links in that email that promises to get them laid by the end of the day....

      there should be a compulsory exam to licence people to use a computer/internet for there own safety and that of others that have to use the same PC after them....

      penguin because.... well why not lol...

      1. Anonymous Coward
        Anonymous Coward

        Re: Marty

        "there should be a compulsory exam to licence people to use a computer/internet"

        But who would you trust to write the exam? Anyone from the government? No thanks!

        Q. 1 "Which is the best web browser in the world?"

        WRONG, the answer is INTERNET EXPLORER 6, you fail the internets.

        Q. 2 "What does "zip it" mean in internet parlance?

        WRONG, it means don't publish your address on the internet.

        Q .3 "Downloading music is the same as stealing a car, True or False"

        ...well you get the idea.

      2. LINCARD1000

        "lol" is not a form of punctuation.

        Just makes you look stupid when you post like that in a forum run by and for technically literate people. That is all.

  11. Orclev

    They didn't get the head, they got the tail.

    I'd be willing to bet that these guys are just the dumb patsies that got talked into running this thing by the guys that actually wrote it. Makes since if you think about it. You're a smart, talented malware author (of dubious morals naturally) so you know the odds of getting caught while running one of these things although slim are not worth the risk, so what do you do? You find a couple of morons and get them to pay you a nice fat chunk of money for your malware, and then they run all the risk should the C&C servers ever get backtracked as happened in this case. I'd bet you'll be seeing a mariposa mark 2 making the rounds before too much longer being controlled by a new set of patsies.

  12. Anonymous Coward
    Anonymous Coward

    RE: bit harsh

    Agree AC, definately 1337 status.

    1. Anonymous Coward

      @AC 23:08 GMT

      Anyone who thinks this is 1337 is 1336 themselves.

      Not AC because I am willing to be an adult.

  13. Anonymous Coward
    Anonymous Coward

    ...relatively unskilled cyber criminals...

    Which Ministry of Truth offcial spouted that propaganda?

    If 3 people can do what they are accused of, then the West has already lost a future cyber war with China.

    And without high technology, the US can't win a war.

    Oh wait, they can't even with it.

  14. Rob 34

    12.7 million infections...

    ... but only "one of" the largest botnets? My God how many more are there are larger than this one was?

  15. Nick

    Re: They didn't get the head, they got the tail

    I think that you're right there. I'm not at all sure that the criminal/technical mastermind behind this would have just lost the plot and connected from a traceable location. Sounds more like a patsy who's trying desperately patch things up.

    I can't help wondering whether the US would have been so happy to co-operate with a foreign country to put away a US citizen though.

    1. asdf

      patsys talk

      Perhaps after facing 30 years these morons will talk. Still its Spain so they are probably only looking at 6 months low security. Yes the USA justice system is barbaric and unfair, etc but rarely do people get off lighter than is reasonable (ask DC Sniper we executed few months back).

  16. SIGTERMer
    Thumb Down

    lucky break

    it took them sheer luck to catch these guys.

    what if the the "botmaster" (amazing title, by the way) was smart enough to avoid directly accessing his server. what then? he'd probably relocate and reopen shop somewhere else.

    I'd blame the 12700000 computers' users who gave these clowns the resources they needed.

  17. Maty

    Naturally ...

    All the tecchy cyber-savvy types here, are absolutely, 100% certain none of the computers they run have been botted. Not a single trojan or rootkit in the lot. Definitely not.

    yeah ...sure?

    1. Anonymous Coward



      compromised Windows PCs.


      I run OSX

  18. Dr Christian

    12.7 Million IP's != 12.7 Million unique computers

    12.7 Million IP's != 12.7 Million unique computers. There are still ISP's that don't hand out static IP's ya know.

    1. foo_bar_baz

      Gimme a break

      More often or not you get the same IP from a DHCP server, depending of course on the DHCP server configuration, how long the machine was offline and how heavily subscribed the address pool is. In any case I don't think the sample came from such a long period of time that machines would have been switched off long enough to make them appear from multiple addresses.

      I thought you'd say there are lots of computer behind NAT, meaning the number of computers is actually higher.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020