Authorities take down massive global botnet
Spyware affected nearly 13 million computers
March 4, 2010
Spanish police on Wednesday announced the arrest of three men accused of running the massive “Mariposa” botnet, an operation that infected 12.7 million computers and stole credit card and online banking credentials.
Mariposa, which is Spanish for “butterfly,” is regarded as one of the most widespread computer viruses ever unleashed. It affected PCs at more than half of the Fortune 1,000 companies and more than 40 banks before it was dismantled.
Thankfully, investigators said, the suspects did not appear to be brilliant hackers but underworld figures who lived comfortably off their ill-gotten gains without getting rich.
“Fortunately this botnet of 13 million computers was controlled by someone who hadn't realized how powerful it was,” Juan Salom, the head of the cybercrime unit of Spain's Civil Guard Police, said during a news conference in Madrid, Reuters reported.
Mariposa was first spotted in December 2008 and quickly grew into a leviathan, gathering strength as it infected more and more PCs. Reuters reported that the criminals exploited a vulnerability in Microsoft’s Internet Explorer browser. AP technology writer Jordan Robertson has an even more expansive account of what happened. He reports that the scammers had infected computers by sending malicious links to users via MSN Messenger. The virus also was placed on removable thumb drives and delivered through peer-to-peer networks.
While the ringleaders of such schemes are rarely caught, one of the suspects “made direct connections from his own computer to try and reclaim control of his botnet after authorities took it down around Christmas,” AP reported. “Investigators were able to identify him based on that traffic.”
The suspects were not identified by name, as per Spanish law, which protects the identities of defendants. Rather, investigators referred to them by their Internet aliases and their ages: "netkairo," 31; "jonyloleante," 30; and "ostiator," 25. Each faces up to six years in prison if convicted of hacking charges.
©2003-2010 Identity Theft 911, LLC. All rights reserved.