Suspected 'Mariposa Botnet' creator arrested

28th July 2010

US, Spanish and Slovenian law enforcement authorities on Wednesday announced the arrest of the suspected creator of the "Mariposa Botnet," a vast network of virus-infected computers used by criminal hackers.

The suspect, a 23-year-old Slovenian citizen identified only as "Iserdo," was arrested by Slovenian police last week, the FBI, the Slovenian Criminal Police and the Spanish Guardia Civil said in a joint statement.

Three suspected Mariposa Botnet operators -- Florencio Carro Ruiz, Jonathan Pazos Rivera, and Juan Jose Bellido Rios -- were arrested in Spain in February and are facing prosecution for computer crimes.

A botnet is a network of malware-infected computers that can be controlled remotely and used to carry out attacks or other operations.

The Mariposa Botnet was designed to steal credit card data, online banking passwords, account information for social networking sites and other sensitive information.

It was also used to spread viruses and launch denial of service attacks, in which a website's servers are overwhelmed by simultaneous visits from infected computers.

At the time of the arrests in Spain, Spanish police said the botnet affected machines around the globe in homes, universities, banks, government agencies and companies, including more than half of the largest US firms on the Fortune 1,000 list.

The FBI said the arrests were the result of a two-year joint investigation into the Mariposa Botnet, which may have infected as many as eight million to 12 million computers around the world.

According to the FBI, the Mariposa Botnet was built with a computer virus known as the "Butterfly Bot," which was created by the arrested Slovenian.

"In the last two years, the software used to create the Mariposa Botnet was sold to hundreds of other criminals, making it one of the most notorious in the world," FBI director Robert Mueller said.

The authorities have not provided any estimate of how much money may have been stolen using the Mariposa Botnet, but security experts said that removing the virus from affected PCs could alone cost tens of millions of dollars.

The Mariposa Botnet was shut down in December in a joint operation carried out by the Spanish police, the FBI and two private information security firms, Canada's Defence Intelligence and Spain's Panda Security.

The Mariposa Botnet, named after the Spanish word for butterfly, was first detected in May 2009 by Defence Intelligence, which then alerted the FBI.

Spanish police said it was so big it could have been used to "carry out a cyberterrorism attack which would be much greater than those staged against Estonia or Georgia."

Estonia suffered massive denial of service attacks in 2007 while Georgian websites suffered similar attacks a year later. In both cases the attacks coincided with diplomatic tensions between the two nations and Russia.

FBI cyber division assistant director Gordon Snow welcomed the cooperation of the Slovenian and Spanish authorities in the case.

"Cyber crime knows no boundaries, and without international collaboration, our efforts to dismantle these operations would be impossible," he said.

"The cyber kingpins know that they are not invincible anymore," added Major Juan Salom, commander of the Guardia Civil's cyber crime division. "It doesn't matter where or how they try to hide, they will be located and prosecuted."

© 2010 AFP
