Spain arrests three accused of running huge botnet

The so-called Mariposa botnet was made up of about 12.7 million PCs infected with a worm that stole data and spread via USB drives, MSN Messenger, and P2P networking.

Elinor Mills Former Staff Writer

Authorities in Spain have arrested three men accused of operating a massive botnet composed of 12.7 million PCs that stole credit card and bank log-in data and infected computers in half of the Fortune 1,000 companies and more than 40 banks, according to published reports.

The botnet "Mariposa," which means butterfly in Spanish, first appeared in December 2008 and grew to be one of the largest botnets ever, The Associated Press reported. It spread the Butterfly worm via removable drives, MSN Messenger, and peer-to-peer programs and targeted Windows XP and older systems.

Unlike many underground hackers, the alleged ringleaders of the operation were not skilled programmers, but had contacts who were, authorities said.

"They're not like these people from the Russian mafia or Eastern European mafia who like to have sports cars and good watches and good suits--the most frightening thing is they are normal people who are earning a lot of money with cybercrime," Cesar Lorenza, a captain with Spain's Guardia Civil, which is investigating the case, told the news service.

In Spain, the names and mug shots of arrested citizens are not released, to protect their privacy, though the three men were identified by their Internet aliases: "netkairo," 31; "jonyloleante," 30; and "ostiator," 25. They face up to six years in prison if convicted of the hacking charges.

More arrests are expected, authorities said. The botnet is no longer operating, according to the AP report.