Arrests are made in the Lecpetex botnet investigation
Two suspects have been arrested by the Greek police in the investigation into the Lecpetex botnet, which was set up primarily to mine the virtual currency Litecoin, and spread over social networks.
Facebook worked with partners to take down the infrastructure back in April, but is only just now talking about the operation, after the arrests.
Facebook vs. botnet
The Lecpetex malware, once installed on victims’ PCs, was used to promote social spam and hit as many as 50,000 Facebook accounts at its peak. Outside of Greece, there were notable numbers of infected machines in Poland, Norway, India, Portugal, and the US.
Users were initially infected when tricked into running malicious Java applications and scripts. That then installed the Litecoin miner, spy software called DarkComet RAT and a module that would pilfer social network cookies to hijack accounts and spread malicious links to contacts via private messages.
Between December and June, the attackers used their botnet to launch “20 distinctive waves” of spam across social websites, Facebook’s security team said in a blog post.
The malware authors were said to have been working on a Bitcoin “mixing” service, which would have made it more difficult to track their illicit funds, effectively laundering them through hard-to-trace Bitcoin transactions.
“Lecpetex was a particularly persistent malware family. We hope this example will illustrate that cooperation can be helpful and productive in shutting down botnets, particularly when criminals abuse multiple online platforms to achieve their aims,” Facebook added.
Are you a security expert? Try our quiz!