13m users worldwide affected by Mariposa botnet

Following the worldwide shutdown of the Mariposa botnet last week, Panda Security reported today that the massive botnet had infected 13 million computers in 190 countries and 31,901 cities.

According to Luis Corrons, Technical Director of PandaLabs, “The highest infection ratios are found in countries where computer security education is not a priority. However, in countries where cyber security awareness campaigns have been prioritized over the last few years, like the United States, Germany, UK and Japan, the number of infections was significantly lower.”

The top 10 cities most affected by Mariposa were Seoul (5.36% of compromised IP addresses), Bombay (4.45%), New Delhi (4.27%), Mexico City (3.89%), Bogota (2.68%), Lima (1.98%), Kiev (1.68%), Bangalore (1.39%), Islamabad (1.24%) and Tehran (1.23%).

When looking at the infection rate by country, India leads the ranking (19.14% of all infections), followed by Mexico (with 12.85%) and Brazil (7.74%). The U.S. ranked 20th out of the 190 countries where computers were infected (with 1.05%).

Mariposa infection breakdown by country:

“The coordinated effort of all Mariposa Working Group members led to the worldwide shutdown of the Mariposa botnet on December 23 at 11:00 am ET. On that date, we seized control of the communication channels used by Mariposa, effectively severing the botnet from its criminal creators and redirecting all requests to a server controlled by us. At that time we realized the huge number of IP addresses controlled by the bot, almost 13 million, and determined the astonishing number of affected countries and cities. The compromised IP addresses include personal, government and corporate computers,” explains Corrons.

According to David Dagon, Ph.D. Candidate at the Georgia Institute of Technology, “I think a remarkable aspect of this botnet is that it reverses the normal expectations about infections. Usually, the press tells us that ‘eastern’ botmasters are attacking ‘western’ victims. In Mariposa’s case, we tend to see the opposite: some botmasters in the west, and victims in the east. The lesson learned is that we all face a common threat.”




Share this