The Register® — Biting the hand that feeds IT

Feeds

Tequila botnet auto-destructs

Cover blown, ends it all

By John Leyden, 10th June 2010
  • print
  • alert

Agentless Backup is Not a Myth

A botnet targeting Mexican surfers has been dismantled just weeks after it first appeared, apparently by the cybercrook who established it rather than by any action by the federales or ISPs.

Trend Micro reckons cybercrooks pressed the auto-destruct on the Tequila botnet, perhaps because an earlier post by the security firm blew its cover and exposed the proxy servers and redirected hosts used by botherders in controlling the network of virus-infected, compromised PCs that made up its ranks. New instructions sent to the bots late last week effectively switched off the flow of phishing attack emails the zombie network was spreading.

The cybercrook behind the Tequila botnet wasted little time in establishing a new network of compromised PCs, dubbed the Mariachi botnet, but this zombie network is not as feature-rich or capable as its defunct sibling. By Monday however both botnets went offline after their respective command-and-control (C&C) servers were taken down. Hosting provider Bluehost pulled the plug on the Mariachi botnet while the more complex control infrastructure of the Tequilla botnet also went down, likely at the hands of its former master.

Trend Micro has a blog post on the rise and fall of the twin Mexican botnets here. ®

Steps to Take Before Choosing a Business Continuity Partner

COMMENTS

House Rules Send Corrections
All Reader Comments (7)
Highly Rated
tom 71
Reply Icon

obviously

Obviously trying to establish the third generation botnet, I suggest you forward that bottle onto me, for your own safety of course.

2
0
Bumpy Cat
Reply Icon

Violence solves everything.

I've often wished I could have a few minutes alone with some of the virus/botnet creators whose work I've had to clean up. Just them, me and a baseball bat.

1
0
Steve Roper
Reply Icon

@Bumpy Cat

Why should you have all the fun? I've always advocated that these botherding twats should hang. Publicly. In the city squares, mass hangings from drop-bar gibbets like in 1984, so the cheering crowds of thousands can enjoy the action!

Ch-Click...HOCK! OOOOOORRRRRRRAAAAAAAAAAAAYYYYYYYYY!!!

0
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
135
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
60
Internet fraud still stings suckers
Australians twice as gullible as Americans
36
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
41
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17