Page last updated at 13:02 GMT, Wednesday, 3 March 2010

Spanish police arrest masterminds of 'massive' botnet

Few owners of hijacked machines know they have been compromised

Spanish police have revealed that they have arrested three men responsible for one of the world's biggest networks of virus-infected computers.

All are Spanish citizens with no criminal records and limited hacking skills.

It is estimated that the so-called Mariposa botnet was made up of nearly 13 million computers in 190 countries.

It included PCs inside more than half of Fortune 1000 companies and more than 40 major banks, investigators said.

The criminals have so far only been identified by their internet names: netkairo, aged 31; johnyloleante, aged 30; and ostiator, 25.

Other arrests may follow, the investigators believe.

The first member of the gang was arrested in early February, when he inadvertently logged into the network without disguising the address of his computer.

His computer linked investigators to two more suspects who were arrested later in the month.

'Limited skills'

The botnet was being monitored and was rendered inactive in December, following a major investigation conducted by the FBI, the Spanish Guardia Civil and security experts around the world.

The network of computers was designed to steal sensitive information, including usernames, passwords, banking credentials and credit card data, from social media sites and other online e-mail services.

One of the arrested men had 800,000 pieces of personal data on his machine.

Some very high profile businesses were targeted.

"It would be easier for me to provide a list of the Fortune 1000 companies that weren't compromised," said Christopher Davis, chief executive of security firm Defence Intelligence, one of the firms that was invited to join the Mariposa Working Group, which was set up to deal with the botnet in May 2009.

Panda Security was also in the group.

Senior research advisor Pedro Bustamante said the criminals behind the botnet did not have "advanced hacking skills".

"This is very alarming because it proves how sophisticated and effective malware distribution software has become, empowering relatively unskilled cyber criminals to inflict major damage and financial loss," he said.

The gang made money by renting out parts of the botnet to other cyber-criminals as well as selling stolen credentials and using banking and credit card information to make transactions via so-called money mules.

Working with law enforcement agencies is not without its risks for security firms.

After the botnet was closed down, Defence Intelligence was hit by a Distributed Denial of Service (DDoS) attack as an apparent act of retaliation.

A DDoS attack occurs when a website is bombarded by requests for pages, often by a botnet, effectively taking it offline.

The attack was powerful enough to knock customers of an unnamed ISP offline for several hours.

The firm remains determined to pursue such cases.

"We will continue to fight the threat of botnets and the criminals behind them. We'll start by dismantling their infrastructure and won't stop until they're standing in front of a judge," said Mr Davis.
