Mariposa FAQ.
Q. How big is the botnet?
A. We originally estimated the botnet to be between 150,000 and 200,000 compromised systems. We now know that over 1.5 million unique systems have been compromised and are members of the Mariposa botnet.
Q. What does it do?
A. Though it was designed for information theft, Mariposa is most actively being used to drop more malware onto the compromised systems. This most recently includes the BlackEnergy DDoS malware, which is used in distributed denial of service attacks.
Q. Who created it?
A. We are still investigating who is behind the Mariposa botnet and are working with law enforcement on the details.
Q. What banks/companies are involved? Who have you talked with?
A. We can't release any specific names. We have contacted or attempted to contact all critical groups affected.
Q. When did you find it?
A. We have been tracking it since May of this year.
Q. What does Defence Intelligence do?
A. We specialize in compromise detection and prevention.
Q. How does it spread?
A. By default, the malware is designed to spread across instant messenger programs, USB keys, and P2P networks. During our analysis we have observed attempts by the malware to spread across MSN messenger.
Q. What is Mariposa's growth rate?
A. We are currently calculating a new growth rate.
Q. Does AV detect it?
A. With 70 variants, some of them will be detected and some won't.
Q. How can it be detected and mitigated?
A. Some Snort rules and a Wireshark plugin are available to the right under "Coverage." Removal techniques will have to be determined by the individual.
Mariposa Details
Wireshark Plugin for Mariposa Botnet
Command and Control
Coverage
A Mariposa account by Ignacio Dramis
(en espanol)
Malicious New Botnet Found in 50 of Fortune 100
Banks warned over computer worm infection
Canada's Top Banks Compromised by New Information Stealing Trojan
Analysis