Suspected gang behind the $850 million Butterfly botnet arrested

The FBI has announced that 10 individuals have been arrested, suspected of involvement in infecting 11 million computers with spyware that led to an alleged $850 million in losses.

The FBI is said to have worked in co-ordination with law enforcement agencies around the world on the investigation.

The suspected gang were arrested in Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States, as international computer crime cops linked the individuals with the Yahos malware.

According to the FBI, the Yahos malware threat compromised 11 million PCs worldwide, forming the Butterfly botnet, and stole computer users' credit card details, as well as bank account information, and other personal data that could lead to identity theft.

Typically, computers became infected through the oldest trick in the book - duping unsuspecting users into running an executable program that installed the malware. The malware extended its reach by spreading via popular instant messaging services as well as social networks such as Facebook and MySpace.

The FBI has publicly thanked the security team at Facebook for providing assistance with the investigation, providing data that helped identify the perpetrators and - importantly - those who had been affected by the malware.

The authorities certainly should be applauded for investigating those alleged to be behind the Yahos malware and Butterfly botnet. Computer crime cases like this can often be complicated, and cover multiple jurisdictions and time zones.

Once again, it's a good reminder to all of us who use computers that we should not be dissuaded from reporting a malware attack simply because "the bad guys are probably based in a country far far away".

It would be a crying shame if the authorities were able to determine who they believed was responsible for malware or a botnet, but were unable to dig up any victims. Thankfully, with the help of Facebook, that hasn't happened on this occasion.

(By the way, don't confuse the Yahos/Butterfly botnet with the Mariposa botnet. It's an easy mistake to make as "Mariposa" is Spanish for "butterfly").

Evil butterfly image from Shutterstock.

One Response to Suspected gang behind the $850 million Butterfly botnet arrested

  1. Tamas Feher · 1028 days ago


    Huh, 850 million USD? That's not very realistic. The FBI should not use creative book-keeping to boost its PR!

    Good luck proving such damages in court. For that huge money, the banks' own Pinkertons would have traced down the perpetrators and put them into concrete a long time ago, leaving the federal agents jobless.

    For comparison, a European AV source said 2 years ago that the ENTIRE Brazilian banking hacker ecosystem earns 150 million USD in a month.

    Best regards.

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley