World’s biggest virus ‘botnet’ uncovered

Spanish police said they had arrested three men suspected of building the world’s biggest network of virus-infected computers, which hijacked more than 13 million PCs.

By (AFP)


Published: Thu 4 Mar 2010, 1:26 PM

Last updated: Thu 2 Apr 2015, 10:45 AM

The “botnet” of infected computers affected machines in almost every country in the world, in homes, universities, banks, government agencies and companies, including more than half of the largest US companies on the Fortune 1,000 list.

It was designed to steal credit card data, online banking passwords, account information for social networking sites and other sensitive information.

“This is the biggest network of zombie computers ever discovered,” the head of a Spanish police unit specialised in tech crimes, Jose Antonio Berrocal, told a Madrid news conference, using the term for PCs that can be controlled remotely by outsiders.

The authorities provided no estimate for how much money could have been stolen from owners of infected computers but security experts said removing the virus from the affected PCs could cost tens of millions of dollars.

The “botnet” network was shut down at the end of December in a joint operation carried out by Spanish police, the FBI and two private information security firms, Canada’s Defence Intelligence and Spain’s Panda Security.

Spanish police said it was so big it could have been used to “carry out a cyberterrorism attack which would be much greater than those staged against Estonia or Georgia.”

Denial-of-service attacks

Estonia suffered massive denial-of-service attacks in 2007 while Georgian websites suffered similar attacks a year later. In both cases the attacks coincided with diplomatic tensions between the two nations and Russia.

All three arrested suspects are Spanish nationals. They are between the ages of 25 and 31.

The authorities believe the suspected ringleader of the operation and his two alleged partners earned a living by renting out the botnet they created to third parties, who used it for criminal purposes.

“We were lucky that this network was in the hands of someone who was not conscious of the (full) extent of its potential for crime,” lead investigator Juan Salom said.

Police are looking for a fourth suspect who might be Venezuelan, he added.

While the authorities have dismantled major zombie computer networks in the past, arrests of the masterminds of such networks are rare.

Police found personal data from more than 800,000 computer users on a PC belonging to the 31-year-old suspected ringleader of the operation, which was taken from his home in Spain’s northern Basque region.

Unskilled cyber criminal

Police described him as a “petty criminal” who lived “modestly” from his hacking activities.

His two alleged partners, aged 30 and 25, are from Murcia in southeastern Spain and Galicia in the northwest.

The Mariposa network they created, named after the Spanish word for butterfly, was first detected in May 2009 by Defence Intelligence, which then alerted the FBI.

“Our preliminary analysis indicates that the botmasters did not have advanced hacking skills,” said Pedro Bustamante, a senior research advisor at Panda Security.

“This is very alarming because it proves how sophisticated and effective malware distribution software has become, empowering relatively unskilled cyber criminals to inflict major damage and financial loss.”

Malware is software designed to infiltrate computers without the owners’ knowledge.

Shortly before the network was shut down, Defence Intelligence suffered a cyber attack, which Spanish police believe was retaliation carried out by the creators of the Mariposa network.

