[Infowarrior] - FBI Probes Massive Botnet Computer Infection

Richard Forno rforno at infowarrior.org
Thu Jun 30 12:57:03 CDT 2011


FBI Probes Massive Botnet Computer Infection

By Michael Riley - Jun 30, 2011

http://www.bloomberg.com/news/print/2011-06-30/fbi-probes-botnet-infecting-millions-of-computers.html

International law enforcement agencies are investigating what may be the largest documented botnet, a network of tens of millions of hijacked computers used to steal banking information, according to a security firm aiding the investigation.

The botnet, called Metulji, Slovenian for butterfly, is linked to the theft of hundreds of thousands of dollars by a criminal gang based in Eastern Europe, including two people arrested last month in a joint operation in which the FBI joined in, said Karim Hijazi, chief executive officer of Wilmington, Delaware-based Unveillance LLC.

Jenny Shearer, a spokeswoman for the Federal Bureau of Invesetigation, wasn’t immediately available for comment.

The Metulji botnet is at least twice as extensive as any known predecessor and uses a potent new form of spyware that has infected computers in 172 countries, evading anti-virus software, Hijazi said.

Botnets, which are based on computer worms that give criminals remote command of the computers they infect, have helped fuel an expanding crime wave that cyber-security company McAfee Inc. estimates costs $1 trillion a year.

“It’s a live botnet that is probably stealing information and facilitating ill-gotten gains to bad guys right now,” Hijazi, 35.

He said some members of the gang have been traced to the city of Banja Luka in Bosnia and Herzegovina.

Still in Control

Hijazi said there are indications that other members of the gang are still in control of the botnet, and he estimated that losses will eventually rise to millions of dollars.

“This is far from over,” Hijazi said.

Along with a Spanish firm, Panda Security, Unveillance analyzed the Metulji computer worm and found it’s a more sophisticated version of the virus behind the Mariposa botnet, previously known as the largest, which was dismantled by international law enforcement agencies last year.

The June arrests of two men in Slovenia resulted from their use of real names and addresses when they registered domains used to control the Metulji botnet, Hijazi said.

More arrests may be imminent. The alleged author of the computer worm behind the Mariposa botnet, who may have also created the Metulji software, was arrested last year in Slovenia.

At the time, police seized records of people he sold his software to, data that Hijazi said could now lead authorities to other members of the Metulji gang.

“That may be the key to finding any others who are still out there,” Hijazi said.

To contact the reporter on this story: Michael Riley in Washington at michaelriley at bloomberg.net.

To contact the editor responsible for this story: Michael Hytha at mhytha at bloomberg.net



More information about the Infowarrior mailing list