SOCA Makes Arrest In £527m Butterfly Botnet Investigation

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

FBI, SOCA and Facebook looking to bring Yahos malware pushers down

Law enforcement officials in the UK, US and elsewhere have made a total of ten arrests, as part of an investigation into a botnet that had raked in over $850 million for its overlords, the FBI said yesterday.

Officials said international cyber crime rings linked to multiple variants of the Yahos malware had been disrupted as a result of a cooperative effort, leading to arrests in the UK, US, Bosnia and Herzegovina, Croatia, Macedonia, New Zealand and Peru. The malware was feeding the ‘Butterfly’ botnet, which was stealing credit card and other personal data.

ENISA botnet reportSOCA told TechWeekEurope it had made a single arrest as part of the operation. “SOCA officers executed a search warrant at an address in Molesey, Surrey, on the morning of 11 December, following which a man was arrested on suspicion of offences under the Computer Misuse Act. He was later bailed pending further inquiries,” a spokesperson said.

Butterfly botnet dead?

The Yahos malware has been doing the rounds since 2010, targeting Facebook and MySpace users. Facebook was heavily involved in the investigation, sharing data with law enforcement and helping remove links to the malicious software from the site.

In 2011, security company FireEye found Yahos was spreading via Facebook’s instant messaging service to send fake messages to users’ friends, urging them to visit an external website hosting malicious binaries. As soon as they clicked the link, they were infected and became part of the botnet.

It is believed Yahos has managed to infect 11 million computer systems to date.

There have been a number of law enforcement successes against botnets in recent months. In 2012, Dutch police took the “spam beast” botnet Grum down.

In June, Russian authorities arrested a 22-year-old, accusing him of running a 6 million-strong botnet that stole £2.9 million from online banking users.

How well do you know Internet security? Try our quiz