The FBI arrested 10 people linked to the Butterfly botnet with help from Facebook’s security team, the agency said yesterday.
The FBI and other national and international law enforcement groups arrested 10 people in seven countries, including the United States, the United Kingdom, several Eastern European countries and Peru.
The FBI declined to say how many were arrested in the United States or where. The district attorneys’ offices that were involved with the case were in Hawaii, the Western District of Pennsylvania; and Washington, D.C.
More than 11 million computers have been compromised by the software the crime ring used. Yahos malware, deployed through the Butterfly Botnet, steals credit card and bank account numbers, along with other personally identifiable information.
According to the FBI, the racket accounts for more than $850 million in losses.
The crime ring began targeting Facebook users in 2010, leading the company to open an internal investigation. Facebook subsequently shared some of the results of that investigation with the FBI. According to Jeremiah Owyang, an analyst with the Altimeter Group, the FBI has ongoing cooperative relationships with Facebook and Twitter.
“While only a small subset of the 11 million computers infected had accounts on Facebook, our malware researchers were able to provide intelligence to law enforcement about the virus’ architecture and the perpetrators responsible, culminating in the arrests this week,” Facebook said.
In some cases, the software proliferated on Facebook by spamming infected users’ contacts.
Facebook said that it detected affected accounts and used its anti-spam mechanisms to block “much of the malicious content.” The social network says it hadn’t seen any new infections since October of 2012.
The botnet’s command center has been shut down, but individual computers may still be compromised.