Jul 5, 2011 15:52 GMT

Security experts are working to shut down a new botnet, based on a modified version of Palevo, whose creators were arrested last week in Europe.

According to Unveillance, a security firm involved in the effort, the new botnet affects computers in over 172 countries, including the United States, Russia, Brazil, China, the UK and Iran.

The malware powering the botnet is a variant of Palevo, a computer worm that spreads by exploiting Windows vulnerabilities, copying itself to removable storage devices and network shares, and sending itself over instant messaging and P2P file-sharing networks.

Palevo, also known as Pilleuz or Rimecud, was also responsible for the Mariposa (Butterfly) botnet that was taken down by Spanish authorities in March 2010. At the time, the botnet was considered to be the largest in the world.

In July the same year, the Slovenian Criminal Police arrested an individual suspected of being the lead developer behind Palevo; however, the worm made a comeback during the last months of last year.

Security researchers from Trend Micro announced in May that Palevo's activity was as strong as it had been before Mariposa was taken down. This was likely the result of the new botnet that Unveillance was tracking.

The law enforcement action in Europe last week ended with the arrest of a man from Banja Luka, Bosnia, and one from Slovenia. The two are suspected of operating the botnet to steal money from the bank accounts of people worldwide.

One of the suspects attracted attention to himself by buying a luxury apartment and car when he didn't have any apparent source of legal income. He also didn't make great efforts to hide his tracks and registered domains used by the botnet in his name.

Authorities have seized computer equipment, and some of the command and control domains were taken offline; however, others remain active. Security researchers continue to analyze the threat in order to find a way of shutting it down.