Ring accused of infecting 3m PCs busted

Author: AGENCIES
Publication Date: Thu, 2010-03-04 23:24

The “botnet” of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks, police said. The tainted computers stole credit card numbers and online banking credentials.
The criminals did not realize the power of the illegal network they had created, which could have paralyzed an entire country’s computer systems, police said.
Police gave a news conference on Wednesday, a day after they arrested three people for what they believe to have been one of the biggest computer crimes ever detected. They refused to identify the men, aged between 25 and 31, from small Spanish towns, whom they suspect of infecting more than 13 million computers with spyware.
Police believe the men were not expert hackers and bought their virus program on the black market before using it to take over other people’s computers in order to create a “botnet,” a network of enslaved computers.
“Fortunately this botnet of 13 million computers was controlled by someone who hadn’t realized how powerful it was,” Juan Salon, the head of the cybercrime unit of Spain’s Civil Guard Police, told reporters.
The network would have had much more computing power than the one used in a notorious “cyber-attack” on Estonia, police said, adding that it could in theory have been used for a similar assault on a nation’s vital computer infrastructure.
Estonia accused Russia of being behind the 2007 attack, which swamped websites belonging to many of the country’s institutions, putting them out of action.
“Thank God, their criminal mentality wasn’t very sophisticated,” said Salon, who said the men apparently tried to offer their botnet to criminal gangs for hire, but do not seem to have made huge profits although they made a comfortable living.
The criminals used the virus to infect machines — initially exploiting a vulnerability in Microsoft Corp’s Internet Explorer browser — which then allowed them to record keystrokes and login credentials. This botnet was known as “Mariposa” — the Spanish word for butterfly. The leader of the gang was caught with personal details of 800,000 people, said the Civil Guard. Government institutions and companies had also been affected, it said, although it refused to give more details.
Botnets are networks of infected PCs that have been hijacked from their owners, often without their knowledge, and put into the control of criminals. Linked together, the machines supply an enormous amount of computing power to spammers, identity thieves and Internet attackers.
There are an estimated 4,000 to 6,000 botnets operating today, and this one was the biggest ever brought down, said Jose Antonio Berrocal, head of the Civil Guard’s economic and technological crimes unit.
The Mariposa botnet spread to more than 190 countries, according to researchers. It also appears to be far more sophisticated than the botnet that was used to hack into Google Inc. and other companies in the attack that led Google to threaten to pull out of China.