On Tuesday, the FBI announced that it had arrested ten people connected to a botnet that had spread through Facebook. Spread by a virus targeting Facebook users, the botnet caused over $850 million in losses to financial institutions, infected over 11 million computers, and stole credit card and bank account data. The botnet itself was shut down in October, according to an FBI statement.
This is the second major outbreak of botnets based on the Butterfly (aka Mariposa) bot tool. The first incarnation, discovered in December 2008 and shut down a year later, infected over 12 million PCs worldwide and was spread primarily through file-sharing and instant messaging attacks. It also harvested financial information from over 800,000 victims.
In the latest incarnation of Butterfly, the botnet spread using variants of Yahos, a virus that propagates by sending links via social networks and instant messaging. When victims clicked on the link, Yahos’ attack was launched. The malware, which in some variants disguised itself as an NVIDIA video driver, then downloaded and installed the botnet controls and browser exploits that captured users’ credit card and bank account information. The spread of viruses like Yahos prompted Facebook to partner with McAfee in 2010 to provide users with tools to clean infected systems.
Facebook’s internal security team assisted the FBI’s investigation, helping to identify the botnet at the center of the fraud, as well as identifying who was spreading the malware and which accounts had been infected by it. The FBI received further assistance from law enforcement officials in Bosnia and Herzegovina, Croatia, New Zealand, Peru and the United Kingdom, as well as local law enforcement in the US, in obtaining search and arrest warrants and conducting interviews.
by Sean Gallagher – Dec 12 2012 Via arstechnica