Massive 11-million-computer botnet taken down; 10 people arrested

Ten people had been arrested by international authorities for suspicion of running a massive botnet that infected personal computers and stole millions of personal information from victims.

Facebook, according to the Justice Department, helped in some capacity in apprehending the suspects. The Federal Bureau of Investigation and some international law enforcement agencies carried out the arrests. Some Facebook users were targeted victims by the malware for several years already.

The international agencies arrested suspects from Britain, Bosnia and Herzegovina, Macedonia, Croatia, Peru, New Zealand, and the United States, according to the FBI.

The network of hijacked computers, called the Butterfly botnet, were used by the suspects to spread malicious software named Yahos, officials said.  Some versions of the malware have long been traced back to criminal groups that spread it over social networks. Compromised systems often give the criminals personal data like credit card numbers.

The Justice Department, in a statement last Tuesday, said that variants of this kind of malware had compromised over 11 million personal computers and had caused over $850 million in losses. The said figure, according to Justice Department official, is the cost of the cumulative damage from the long-term problem the malware had caused, not the entire figure of the damage caused by the suspects who were arrested.

Facebook’s Internet threat researcher Mark Hammell revealed that the company had discovered the threat about two years ago after stumbling on its suspicious behavior. The software hijacked some accounts and posted links on their friend’s wall. If a person clicks on those links, the computer will download the software and will infect it.

To understand the threat deeper, Facebook researchers reverse-engineered the malware and eventually traced some of its activities to computer servers owned by the suspects. The move helped Facebook identify the suspects, Hammell said.

“We realized we didn’t have the ability to stop it completely, and at that point, we decided the best response was to escalate this to law enforcement,” Hammell revealed in an interview. Two of the suspects arrested are the authors of the malware, he said. He also said that Facebook users made up a small percentage of those whose computers were compromised.

Social networks and security firms have known how this particular form of malware work, and software used to detect and eliminate it has been around for years. The Justice Department ask users to be responsible and do common-sense preventive measures like doing anti-virus scanning. Users who think their computers had been compromised should file a complaint with the FBI-run Internet crime complaint center at

Facebook users who suspect that their accounts or computers have been compromised can also go to The malware does not a variant that would infect Apple computers.

According to Manos Antonakakis, director of academic research firm Damballa, a company that fights botnet, said that the Butterfly botnet’s size is significant. The number of infected computers in its network doubles the size of the recent major botnet dismantled by authorities last November, the one that runs the malware called DNSChanger, which has compromised four million computers.

“This is a major achievement for law enforcement,” Antonakakis said, “and we look forward to many things like this, so we can effectively tackle emerging botnets out there.”

However, Antonakakis also said that the estimate of 11 million compromised computers can be high because it includes a computer count that is detected as a new device every time it connects to a new network like the Wi-Fi at Starbucks.

The estimated damage cost of $850 million can probably be high too as credit card companies usually wipe out fraudulent charges.

However big the takedown for authorities might be, Peter G. Neumann, a seasoned scientist at engineering research lab SRI International, said he was not too excited about the arrests. He said that taking down a particular botnet did not resolve the basic issue of computer security being too weak. He said anybody could easily create a variant of the software and build another botnet.

“You’re solving a problem that wouldn’t exist if the systems were designed properly,” Neumann said.

source: nytimes

Leave a Reply

Required fields are marked *

Google Maps becoming available in Apple App Store again

Chinese smartphone makers sacrificing profit margins for quad-core upgrades