May 25, 2011 17:54 GMT

Security researchers from Trend Micro warn that Mariposa, once one of the largest botnets in the world, is slowly, but steadily, growing back to its former self.

Mariposa (Butterfly) was the name given to a particular botnet which, at its peak, was made up of as many as 12 million infected computers spread across 190 countries.

The Mariposa botnet was based on a variant of a worm called Palevo or Rimecud, which is capable of spreading using a variety of methods, including exploiting Windows vulnerabilities, copying itself to removable storage devices and network shares, and sending itself over instant messaging and P2P file sharing programs.

Mariposa was dismantled in March 2010 by the Spanish authorities when the lead bot herder and two of his accomplices were arrested.

In July the same year, the Slovenian Criminal Police arrested an individual suspected of being the lead developer behind Palevo.

Following these events, the worm's activity registered a steep decline. However, according to researchers from Trend Micro, the malware is gaining traction again.

"Lately however we’ve been seeing a strange increase in activity related to WORM_PALEVO—our detection for malware related to the Mariposa botnet. The increase started late in Q4 of 2010," the Trend experts write.

In fact, the worm is almost as active now as in Q1 2010 when it was taken down. According to abuse tracking website abuse.ch, there are currently 118 Palevo command and control servers being tracked.

The new Palevo variants are largely similar in functionality to the old versions. Due to its modular architecture, the worm can be easily adapted for whatever purpose the cyber criminals desire.

There are modules for DDoS, malware distribution, browser monitoring and hijacking, cookie stuffing and other functions. "We are keeping a close eye on this threat," the Trend Micro researchers say.

As always, users are advised to exercise caution when dealing with links received via instant messaging programs, social networking sites and emails. Running a capable and up-to-date antivirus program is also a must.