SAN FRANCISCO — Authorities have smashed one of the world's biggest networks of virus-infected computers, a data vacuum that stole credit card information and online banking credentials from as many as 12.7 million poisoned PCs.
The "botnet" of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks, according to investigators.
Spanish investigators, working with private computer-security firms, have arrested the three alleged ringleaders of the so-called Mariposa botnet, which appeared in December 2008 and grew into one of the biggest weapons of cybercrime. More arrests are expected soon in other countries.
Spanish authorities plan a news conference today in Madrid.
The arrests are significant because the masterminds behind the biggest botnets aren't often taken down. Also, the three suspects go against the stereotype of genius programmers often associated with cybercrime. The suspects weren't brilliant hackers, but had underworld contacts who helped them build and operate the botnet, said Cesar Lorenza, a captain with Spain's Guardia Civil, which is investigating the case.
Investigators were examining bank records and seized computers to determine how much money the criminals made.
The three suspects were described as Spanish citizens with no criminal records. They weren't named and their mug shots weren't released, which Lorenza said is standard in Spain to protect the privacy of defendants. They can get six years in prison if convicted of hacking charges.
Authorities identified them by their Internet handles and their ages: "netkairo," 31; "jonyloleante," 30; and "ostiator," 25.
The Mariposa botnet was one of the world's biggest. It spread to more than 190 countries, researchers said. It also appears to be far more sophisticated than the botnet that was used to hack into Google Inc. and other companies in the attack that led Google to threaten to pull out of China.
The botnet runners infected computers by instant-messaging malicious links to contacts on infected computers. They also got viruses onto removable thumb drives and through peer-to-peer networks.
The researchers that helped take down Mariposa, which is from the Spanish word for "butterfly," began looking at it in the spring of 2009.