PRZOOM - /newswire/ -
Tres Cantos, Madrid, Spain, 2010/03/10 - After the recent worldwide shutdown of the Mariposa botnet –in a joint operation by Panda Security, Defence Intelligence, the FBI and the Spanish Guardia Civil, resulting in three arrests-, it has been discovered that the massive botnet had infected.
According to Luis Corrons, Technical Director of PandaLabs, “The highest infection ratios are found in countries where computer security education is not a priority. However, in countries where computer security awareness campaigns have been run over the last few years, like the United States, Germany, UK or Japan, the number of infections has been much less.”
The cities most affected have been Seoul (5.36% of compromised IP addresses), Bombay (4.45%) and New Delhi (4.27%). The top 20 is as follows:
1 Seoul 5.36%
2 Bombay 4.45%
3 New Delhi 4.27%
4 Mexico 3.89%
5 Bogota 2.68%
6 Lima 1.98%
7 Kiev 1.68%
8 Bangalore 1.39%
9 Islamabad 1.24%
10 Tehran 1.23%
11 Kuala Lumpur 1.16%
12 Madras 1.11%
13 Santiago 1.03%
14 Cairo 1.01%
15 Hyderabad 0.82%
16 Santo Domingo 0.75%
17 Rio de Janeiro 0.75%
18 Riyadh 0.72%
19 Medellín 0.65%
20 Dubai 0.63%
As for countries, the ranking is headed by India (19.14% of all infections), followed by Mexico (with 12.85%) and Brazil (7.74%). The top 20 is as follows.
INDIA: 19.14 - MEXICO: 12,85 - BRAZIL: 7.74 - KOREA: 7.24 - COLOMBIA: 4.94 - RUSSIA: 3.14 - EGYPT: 2.99 - MALAYSIA: 2.86 - UKRAINE: 2.69 - PAKISTAN: 2.55 - PERU: 2.42 - IRAN: 2.07 - SAUDI ARABIA: 1.85 - CHILE: 1.74 - KAZAKHSTAN: 1.38 - UNITED ARAB EMIRATES: 1.15 - MOROCCO: 1.13 - ARGENTINA: 1.10 - UNITED STATES: 1.05
“The coordinated effort of all the parties involved in the Mariposa Working Group led to the worldwide shutdown of the Mariposa botnet on December 23 at 5:00 PM (GMT +1). On that date, we seized control of the communication channels used by Mariposa, effectively severing the botnet from its criminal creators and redirecting all request to a server controlled by us. It was then that we realized the huge number of IP addresses controlled by the bot, almost 13 million, and found out about the high number of affected countries and cities”, explains Corrons.
He goes on to say, “The compromised IP addresses include both personal and corporate computers. The global infection map is as follows:”
David Dagon, Ph.D. Candidate at the Georgia Institute of Technology, reflects on the Mariposa geographical distribution: “I think a remarkable aspect of this botnet is that it reverses the normal expectations about infections. Usually, the press tells us that 'eastern' botmasters are attacking 'western' victims. (E.g., Russian botmasters and US/EU victims.) In Mariposa, we tend to see the opposite: some botmasters in the west, and victims in the east. The lesson learned is: We all face a common threat.”
Panda Security recommend that all users – home users and companies alike – perform an in-depth scan of their computers to make sure they are not infected by the Mariposa bot. They can do so by using the free online scanner Panda ActiveScan or downloading the free cloud-based solution Panda Cloud Antivirus.
About Panda Security
Founded in 1990, Panda Security (pandasecurity.com) is the world’s leading provider of cloud-based security solutions, with products available in more than 23 languages and millions of users located in 195 countries around the world. Panda Security was the first IT security company to harness the power of cloud computing with its Collective Intelligence technology. This innovative security model can automatically analyze and classify thousands of new malware samples every day, guaranteeing corporate customers and home users the most effective protection against Internet threats with minimum impact on system performance. Panda Security has 56 offices throughout the globe with US headquarters in California and European headquarters in Spain.
Panda Security collaborates with Special Olympics, WWF and Invest for Children as part of its Corporate Social Responsibility policy.