Slovenian hackers investigated in Mariposa botnet probe

According to regional press reports, three Slovenian men are being investigated as part of an international probe into one of the world’s biggest botnets, which compromised millions of computers worldwide.

Homes have been searched and “a large number” of computers seized in the Slovenian city of Maribor, where the young men attended the faculty of computer science. The FBI, working with local law enforcement agencies, believe that the men played a key role in the Mariposa botnet.

The Mariposa botnet (named after the Spanish word for “butterfly”) was shut down in late 2009, and arrests were subsequently made in Spain of hackers using nicknames such as “Netkairo”, “jonyloleante” and “ostiator”.

It was reported at the time that the Mariposa botnet compromised almost 13 million computers in more than 190 countries (including, allegedly, infiltrating 50 of the world’s Fortune 100 companies) – making it a huge cybercriminal operation.

The computers were recruited into the botnet after being infected by a polymorphic family of malware called W32/Rimecud, which spread via a number of methods, including copying itself to removable storage devices, instant messaging and P2P file-sharing systems.

If the police are correct, the Slovenian hackers created this malware and sold it to their counterparts in Spain.

The rewards to be made from running a botnet (through stealing credit card information and passwords, or sending spam or popping up irritating adverts) can be huge – but criminals need to learn that the punishments can also be severe.

We expect more information about the investigation to become available in the coming days.