Bloomberg News

FBI Probes Botnet Discovered Infecting Millions of Computers

June 30, 2011

(Updates with FBI declining comment in third paragraph.)

June 30 (Bloomberg) -- International law enforcement agencies are investigating what may be the largest documented botnet, a network of tens of millions of hijacked computers used to steal banking information, according to a security firm aiding the investigation.

The botnet, called Metulji, Slovenian for butterfly, is linked to the theft of hundreds of thousands of dollars by a criminal gang based in Eastern Europe, including two people arrested last month in a joint operation in which the FBI took part, said Karim Hijazi, chief executive officer of Wilmington, Delaware-based Unveillance LLC.

Jenny Shearer, a spokeswoman for the Federal Bureau of Investigation, declined to comment.

The Metulji botnet is at least twice as extensive as any known predecessor and uses a potent new form of spyware that has infected computers in 172 countries, evading anti-virus software, Hijazi said.

Botnets, which are based on computer worms that give criminals remote command of the computers they infect, have helped fuel an expanding crime wave that cyber-security company McAfee Inc. estimates costs $1 trillion a year.

“It’s a live botnet that is probably stealing information and facilitating ill-gotten gains to bad guys right now,” Hijazi, 35, said.

He said some members of the gang have been traced to the city of Banja Luka in Bosnia and Herzegovina.

Still in Control

Hijazi said there are indications that other members of the gang are still in control of the botnet, and he estimated that losses will eventually rise to millions of dollars.

“This is far from over,” Hijazi said.

Along with a Spanish firm, Panda Security, Unveillance analyzed the Metulji computer worm and found it’s a more sophisticated version of the virus behind the Mariposa botnet, previously known as the largest, which was dismantled by international law enforcement agencies last year.

The June arrests of two men in Slovenia resulted from their use of real names and addresses when they registered domains used to control the Metulji botnet, Hijazi said.

More arrests may be imminent. The alleged author of the computer worm behind the Mariposa botnet, who may have also created the Metulji software, was arrested last year in Slovenia.

At the time, police seized records of people he sold his software to, data that Hijazi said could now lead authorities to other members of the Metulji gang.

“That may be the key to finding any others who are still out there,” Hijazi said.

--Editors: Fred Strasser, Stephen Farr

To contact the reporter on this story: Michael Riley in Washington at michaelriley@bloomberg.net.

To contact the editor responsible for this story: Michael Hytha at mhytha@bloomberg.net

