Three arrested over 12.7m PC botnet


Summary: Authorities in Spain have arrested three men accused of operating a massive botnet which stole credit card and bank log-in data and infected computers in half the Fortune 1,000 companies.

Authorities in Spain have arrested three men accused of operating a massive botnet composed of 12.7 million PCs, which stole credit card and bank log-in data and infected computers in half the Fortune 1,000 companies and more than 40 banks, according to published reports.

The botnet 'Mariposa', which means butterfly in Spanish, first appeared in December 2008 and grew to be one of the largest botnets ever, The Associated Press reported. It spread the worm via removable drives, MSN Messenger and peer-to-peer programs, and targeted Windows XP and older systems.

Unlike many underground hackers, the alleged ringleaders of the operation were not skilled programmers, but had contacts who were, authorities said.

For more on this story, read Spain arrests three accused of running huge botnet on CNET News.

  • All Windows machines

    The Windows machines are harvested again by others.

    Bots are a result of MS Windows period.
    • Yes that is what happens when you have a 1.3 BILLION userbase

      It comes with the territory. Something that a loser OS like Linux will never experience.
      • The funny part

        is that the article clearly states it targets Windows XP machines, yet the linux fanboys still have to point it out as if people can't read for themselves.
        Loverock Davidson
    • Wrong. But thanks for playing.

      "Bots are a result of MS Windows period."

      Wrong. Bots are a result of criminals period.
      Hallowed are the Ori
    • Check your Linux server, it's part of the botnet too.

      With you as a tux engineer, how is it everyone else knows more about security on Linux than you do?
      John Zern
      • You misunderstand, John.

        It's got nothing to do with OSes.

        He sews tuxedos for proms, weddings and bar mitzvahs.
        Hallowed are the Ori
      • Erroneous specification

        Suggesting that only Linux servers are involved is wrong. Linux desktops would be as well.
    • Please don't feed the troll (NT)

  • This is what happens...

    when you promote piracy and outdated OS's in an effort to
    contain the Linux tide.

    Add to that the fact that even the fully patched latest
    version of the OS is seriously vulnerable and you have
    created the perfect security storm.
    Great Kahuna
    • "Linux tide"??? LMAO!!!! (nt)

      Hallowed are the Ori
      • Linux All the Way get a new name? (nt) :)

        John Zern
      • Ya, Low tide. PU! (nt)

    • If you are going to engage in hyperbole...

      Why not call it a tsunami?

      You and others like you actually hurt FOSS
      and Linux when you make such statements. Don't you
      understand that you are exposing yourself and the
      Linux community as a whole to ridicule?
  • Sloppy Journalism

    Interesting that journalists don't tell us whether or not it is only Microsoft machines or all machines. Why is that? Is it because they don't know, or that they can't tell, or that they don't see important security information as relevant?
    • It is obvious: Botnets make no sense on loser OSes

      Do we have to spell it out to you again? Loser OSes with pathetic marketshare numbers make lousy botnets.

      Which part of that confuses you?

      If anything, the title only mentions "PC", when in fact it could have said "XP". But that would not have been very dramatic and would have brought fewer clicks.

      You know, XP as in a 9 year old and two versions behind OS?
      • The old moronic volume argument again

        Market Share needs to be carefully defined. It is true that Microsoft has a majority of the desktop market, whatever that may mean. This does not mean, and is not true, that Microsoft has anything like a majority elsewhere.

        Microsoft leveraging off its market share gets its acolytes and drones to spout the market share means more attacks and hence more successful attacks mantras. But repetition, however vehement, does not make something true, or even plausible. Good journalists know that, and IT professionals that have worked in more than one operating system environment know that.

        Here are some counter examples.

        1. Microsoft IIS is not anything like the majority of the web server market. Here are three prominent sites that have failed recently, MySchool, CFA and Myki. All run IIS. Name three apache2 based server sites of the same criticality that have failed or been compromised.

        2. Microsoft server variants are not anything like the majority of servers out there, especially if one removes stray false instances, or calculates on the basis of population served rather than number of servers. They do, however, constitute the majority of the compromises, see CERT.

        The starting point of this was not to start an OS war, merely to point out that journalists have a duty to inform, so that the reader may form their own opinion, and assess the journalist's opinion. This article did not do that. That's the point. Not the defence of a particular OS regardless of its merits or not.

        We do not pull punches naming Toyota for making faulty cars, why do we pull back on Microsoft for making flawed operating systems?

        I like to deploy the 'Fort Knox' argument to show the paucity of the 'marketshare' defence.

        Fort Knox is very secure, right? But according to the Windows apologists, if we build another 10,000 Fort Knoxes to the same design, each Fort Knox will become less secure, simply because there are more of them. By the time we get up to a few million Fort Knoxes, according to the Windows apologists, breaking into Fort Knox will have become as easy as, well, compromising Windows software with malware.

        The same argument can be used for front doors. If you fit a high security front door to your house, you will prevent intruders getting in. If every person in your street fits them, every person in the street prevents intruders. This scales up as much as you like. If everybody used 'Fort Knox' front doors, everyone would be safe.

        Only Windows apologists are still pretending that increasing the number of instances of an inherently secure system causes that system to become less secure. It's PR tommy rot.

        'Fort Knox' borrowed from another poster
        • Bla bla bla excuses bla bla bla...

          Do you feel better now that you were able to come up with some dumb analogies that do not work at all?

          Good for you...
          • If you can't refute the facts play the man....

            I hope you don't have a responsible job in IT that people rely on.
          • Your analogy is so dumb it doesn't even need a response

            It is a waste of time to argue with someone that can't even get basic logic right. What's the point?
        • Fort Knox analogy makes no sense

          How much did it cost to build Fort Knox and maintain it annually? We're talking basic infrastructure, our world class servicemen/women, their gear and needs. Finally, what's waiting inside if you are able to navigate past all that armor?

          Now, what's waiting for you after bypassing Windows security? Well, could be PII, financial info, etc... or it could be photos from birthday parties, picnics, etc... Ok, so it's hard to be certain there'd be anything worthwhile. Next option, use it as a tool to get to real, known bounty. Welcome to keyloggers, screen scrapers, botnets, etc... Windows is just the means, not the ends. The real ends are significantly more valuable but require a lot of "tools" (pun intended) working collectively to get to.

          Now back to Fort Knox. If there was something worth lots of money, say fountain of youth or the 1 ring. The best tool to use is as large a number of forts as possible. So there are 200million Fort Knox, 10K Fort Benning, 10million Fort Lewis, etc... What do you think the bad guys will target?

          C'mon thedavidmckenzie. I agree with your position but you need to provide more reasonable arguments, examples, etc... Else, you're just making it easy for the MSFT apologists to label us as zealots who can't present sound arguments, and rightly so.