Source: Reuters
Spanish police have arrested three men accused of masterminding
one of the biggest computer crimes to date - infecting more than 13
million PCs with a virus that stole credit card numbers and other
data.
The men were suspected of running the Mariposa botnet, named after
the Spanish word for butterfly, Spain's Civil Guard said on
Tuesday.
A press conference to give more details is scheduled for
Wednesday.
Mariposa had infected machines in 190 countries in homes,
government agencies, schools, more than half of the world's 1,000
largest companies and at least 40 big financial institutions,
according to two Internet security firms that helped Spanish
officials crack the ring.
"It was so nasty, we thought 'We have to turn this off. We have to
cut off the head,'" said Chris Davis, CEO of Defence Intelligence
Inc, which discovered the virus last year.
The security firms - Defence Intelligence Inc of Canada and Panda
Security S.L. of Spain - did not say how much money the hackers had
stolen from their victims before the ring was shut down on December
23.
Security experts said the cost of removing the malicious program
from 13 million machines could run into tens of millions of
dollars.
Mariposa was programmed to secretly take control of infected
machines, recruiting them as "slaves" in an army known as a
"botnet."
It would steal login credentials and record every keystroke on
an infected computer and send the data to a "command and control
centre," where the ringleaders stored it.
"Basically they were going after anything that would make them
money," Davis said.
Mariposa initially spread by exploiting a vulnerability in
Microsoft Corp's Internet Explorer web browser.
It also contaminated machines by infecting USB memory sticks and
by sending out tainted links using Microsoft's MSN instant
messaging software, he said.
A Microsoft spokeswoman said the company did not immediately have
any comment.
The suspected ringleader, nicknamed "Netkairo" and "hamlet1917,"
was arrested last month, as were two alleged partners, "Ostiator"
and "Johnyloleante," according to Panda Security.
Panda Security Senior Research Advisor Pedro Bustamante said that
one of the three was caught with 800,000 personal credentials when
Spanish police arrested him.
In addition to collecting data, the three men rented out millions
of enslaved machines to other hackers, according to
Bustamante.
The Mariposa botnet is one of many such networks, the bulk of which
are controlled by syndicates that authorities believe are based in
Eastern Europe, Southeast Asia, China and Latin America.
While authorities sometimes succeed in shutting them down, they
rarely catch the criminals behind the networks.
"Mariposa's the biggest ever to be shut down, but this is only the
tip of the iceberg. These things come up constantly," said Mark
Rasch, former head of the US Department of Justice computer crimes
unit.
He said he suspects there were more than three people behind
Mariposa, and that any ringleaders who were not arrested could soon
put the network back online.