Spanish police have revealed that
they have arrested three men responsible for one of the world’s biggest
networks of virus-infected computers.
All are Spanish citizens with no
criminal records and limited hacking skills.
It is estimated that the so-called
Mariposa botnet was made up of nearly 13 million computers in 190 countries.
It included PCs inside more than
half of Fortune 1000 companies and more than 40 major banks, investigators
The criminals have so far only been
identified by their internet names, netkairo, aged 31, johnyloleante, aged 30
and ostiator, 25.
Other arrests may follow, the
The first member of the gang was
arrested in early February, when he inadvertently logged into the network
without disguising the address of his computer.
His computer linked investigators
to two more suspects who were arrested later in the month.
The botnet was being monitored and
was rendered inactive in December, following a major investigation conducted by
the FBI, the Spanish Guardia Civil and security experts around the world.
The network of computers was
designed to steal sensitive information, including usernames, passwords,
banking credentials and credit card data, from social media sites and other
online e-mail services.
“It would be easier for me to
provide a list of the Fortune 1000 companies that weren’t compromised,”
said Christopher Davis, chief executive of security firm Defence Intelligence,
one of the firms that was invited to join the Mariposa Working Group, which was
set up to deal with the botnet in May 2009.
Panda Security was also in the
Senior research advisor Pedro
Bustamante said the criminals behind the botnet did not have “advanced
“This is very alarming because
it proves how sophisticated and effective malware distribution software has
become, empowering relatively unskilled cyber criminals to inflict major damage
and financial loss,” he said.