
Mariposa Botnet Developer Arrested in Slovenia


The Slovenian Criminal Police, working with the FBI and the Spanish Guardia Civil, have announced the arrest of a 23-year-old Slovenian programmer known as “Iserdo,” suspected of being the creator of the Mariposa/Butterfly botnet that has infected millions of computers around the world. The Mariposa bot was designed to pilfer financial data such as credit card and bank account information; it can also be used to stage denial-of-service attacks and to spread malware to other computers. Experts estimate the Mariposa botnet may have infected anywhere from 8 to 12 million Windows computers around the world, including some high-profile infections at major companies and financial institutions.

The arrest follows that of three suspected Mariposa botnet operators in Spain earlier this year.

“In the last two years, the software used to create the Mariposa botnet was sold to hundreds of other criminals, making it one of the most notorious in the world,” said FBI Director Robert S. Mueller, III, in a statement. “These cyber intrusions, thefts, and frauds undermine the integrity of the Internet and the businesses that rely on it; they also threaten the privacy and pocketbooks of all who use the Internet.”

Iserdo is alleged to have created the “Butterfly Bot” and sold it to other cybercriminals around the world from 2008 to 2010. From Iserdo’s code, the criminals developed wide-ranging botnets, of which the Mariposa botnet running out of Spain was the largest. Iserdo then went on to develop add-ons for his original application to enhance the malware’s capabilities; he, in turn, sold these enhancements to the botnet operators.

The Mariposa bot was perhaps too successful for its own good: while it’s not terribly unusual in the Windows world for a botnet to infect a few hundred thousand computers, the larger botnets get, the more attention they attract from law enforcement. With Mariposa inhabiting millions of computers worldwide, it became a top priority for cybercrime investigators and Internet security experts. However, not all successful botnets get torn down by law enforcement: nobody has ever been arrested in connection with the Conficker worm, which is estimated to have infected as many PCs as Mariposa.

Geoff Duncan
Former Digital Trends Contributor