Mariposa Botnet: Iserdo on Trial

Slovenia
Slovenia (Photo credit: phault)
Slovenia is more than a beautiful European country. Surrounded by Austria, Hungary, Croatia
and Italy, it offers a fascinating history, from their celebrated wines and prehistoric caves to their majestic castles. They have a strong showing at the London Olympic Games too, receiving four Olympic medals to date: one gold, one silver and two bronze. (They have the best per capita medal of the 59 countries that have medals.)
Not everything coming from Slovenia however is a source of pride. On August 7th, the trial began for malware kit author Matjaž Škorjanc, 26, AKA Iserdo. Iserdo is being tried as the purported ‘mastermind’ behind the Mariposa botnet.
The Mariposa botnet is famous for its widespread reach into more
than half of the Fortune 1,000 companies and more than 40 major banks. Its main focus being information theft, the Mariposa botnet was used to steal PII and various login credentials from its victims. Spanish police arrested three men in 2010 who were believed to be running the botnet. Iserdo, now on trial, was connected as the author of the original malware used as the foundation for Mariposa.
Robert Swan Mueller III (born August 7, 1944) ...
Robert Swan Mueller III (born August 7, 1944) – Director of the United States Federal Bureau of Investigation (Photo credit: Wikipedia)

FBI director, Robert S. Mueller III as quoted in the Inquirer,

 “In the last two years, the
software used to create the Mariposa botnet was sold to hundreds of other
criminals, making it one of the most notorious in the world. These cyber
intrusions, thefts, and frauds undermine the integrity of the Internet and the
businesses that rely on it; they also threaten the privacy and the pocketbooks
of all who use the Internet.”
Defence Intelligence, due to its direct involvement with Mariposa, will be closely watching the outcome of the trial, but these kinds of legal proceedings are important to the security community as a whole.  Progress is being made worldwide in regards to punishing those behind malware and botnets, but conviction is often based on very specific or very vague laws.

Georgy Avanesov, the author of the Bredolab malware, received a four year sentence in Armenian courts only three months ago. His sentencing was based on the use of the malware for DDoS attacks. His charges for creating and distributing the malware however, as well as using it for data theft, were dropped.

Just last month three men in Britain were sentenced to multiple years in prison for violating the British Computer Misuse Act of 1990. They were using SpyEye malware to steal banking credentials from compromised users.

Let’s hope Slovenian law is able to encompass Iserdo’s deeds and find a proper sentencing. I know little of Slovenia’s cybercrime laws, but considering Iserdo only wrote the initial malware, conviction may not be imminent. 

For more details
on the identification and dismantling the Mariposa botnet visit: http://defintel.com/about-research.php
Enhanced by Zemanta