Over 13 million users in 190 countries and 31,901 cities were affected by the Mariposa botnet, according to Panda Security, which took part in the joint operation to shut the botnet down in December 2009.
Spanish police arrested three people on 3 March as a result of the operation by the Mariposa Working Group (MWG), which also included representatives of the FBI and the Spanish civil guard.
The MWG seized control of the communications channels used by Mariposa, severing the botnet from its criminal creators and redirecting all requests to a server controlled by the MWG.
"The highest infection ratios are found in countries where computer security education is not a priority," said Luis Corrons, technical director of PandaLabs.
But in countries where computer security awareness campaigns have been run over the past few years, such as the US, Germany, the UK and Japan, the number of infections has been much lower, he said.
The cities most affected were Seoul, with 5.36% of compromised IP addresses, Bombay (4.45%) and New Delhi (4.27%).
India was the most affected country, with 19.14% of all infections, followed by Mexico (12.85%) and Brazil (7.74%).
"The compromised IP addresses include both personal and corporate computers, so all internet users should scan their computer to make sure they are not infected," said Corrons.
What makes Mariposa interesting is that it reverses the normal expectations about infections, said David Dagon, a researcher at the Georgia Institute of Technology. In Mariposa, there were some botmasters in the west, and victims in the east. The lesson learned is that we all face a common threat, he said.
|Top 10 cities infected by Mariposa||Top 10 countries infected by Mariposa|