Microsoft Malware Protection Center. In focus: Mariposa botnet
The MMPC added Win32/Rimecud to MSRT’s removal capability in January 2010 and between January and February reported over 1 million distinct machines disinfected from this worm.
The Mariposa botnet criminals presumably use a number of different threats, but it appears to be primarily Win32/Rimecud. It is great to see our industry colleagues moving in the same direction to address these disruptive threats. Rimecud isn’t particularly new and the criminals apparently were trading their goodies at their counter. We first observed Win32/Rimecud in November 2008.
Since January 2010
Certifiedbug: March 3, 2010. Three arrested for running “Mariposa†botnet
