13 million PCs infected, arrest of 3 hackers by Spanish police

Spanish police have shut down a ring of computer hackers who infected more than 13 million PCs with a virus that stole credit card numbers and other valuable data in what may be the biggest cyber raid to date.

Spain’s Civil Guard said on Tuesday that it arrested three men suspected of running the so-called Mariposa botnet, named after the Spanish word for butterfly. A press conference to give more details is scheduled for Wednesday.

Mariposa had infected machines in 190 countries in more than half of the world’s 1,000 largest companies and in at least 40 big financial institutions, according to two Internet security firms that helped Spanish officials crack the ring, Canada’s Defence Intelligence and Spain’s Panda Security.

“It was so nasty, we thought ‘We have to turn this off. We have to cut off the head,’” said Chris Davis, CEO of Defence Intelligence, which discovered the virus last year. He added that the ring was shut down on Dec. 23.

The virus was programmed to steal all login credentials and record every key stroke on an infected computer, then send the data back to a “command and control center,” where the ringleaders stored the data.

“Basically they were going after anything that would make them money,” Davis said.

Mariposa initially spread by exploiting a vulnerability in Microsoft Corp’s Internet Explorer Web browser. It also contaminated machines by infecting USB memory sticks, he said.