The U.S. Department of Justice said on Tuesday that they’ve arrested 10 suspects from from Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States involved in a global botnet operation that infected more than 11 million systems. The ring is said to have caused more than $850m in losses in one of the largest cyber crime hauls in history.
Officials said international cyber crime rings linked to Butterfly (aka Mariposa) botnet, first discovered in December 2008 and shut down a year later, infected over 12 million PCs worldwide and was spread primarily through file-sharing and instant messaging attacks. It also harvested financial information from over 800,000 victims.
FBI said, "Facebook’s security team provided assistance to law enforcement throughout the investigation by helping to identify the root cause, the perpetrators, and those affected by the malware. Yahos targeted Facebook users from 2010 to October 2012, and security systems were able to detect affected accounts and provide tools to remove these threats."
How Butterfly actually fly ? A botnet is a network of computers that have been infected by a virus that allows a hi-tech criminal to use them remotely. Butterfly botnet spread itself using variants of Yahos (virus that spreads itself by sending links via social networks and instant messaging), then victims clicked on that malicious link, launching Yahos attack. The malware which in some variants disguised itself as an NVIDIA video driver, then downloaded and installed the botnet controls and browser exploits that captured users' credit card and bank account information.
Variations on the Yahos malware have been infecting users for years, spreading initially via instant messenger platforms like AIM and Yahoo! messenger.
Experts say cybercrime is on the rise around the world as PC and mobile computing become more prevalent, and as more and more financial transactions shift online.