Facebook Security, FBI Take Down Butterfly Botnet, Arrest 10

Facebook’s security team is being lauded by the FBI for its role in the arrest of 10 individuals accused of spreading banking malware on the social networking site and collecting more than $850 million from fraudulent transactions.

The arrests were carried out yesterday in the U.S., U.K., the Balkans, South America and New Zealand in connection with spreading the Yahos malware on Facebook from 2010 to this October. Yahos compromised more than 11 million computers, the FBI said. Attackers would use phony Facebook accounts to spread the malware via instant messages through Facebook. The messages included a link to sites hosting banking malware and other data-stealing Trojans.

The Butterfly botnet pilfered almost a billion dollars from its victims, the FBI said; credit card numbers, bank account logins and other personally identifiable information were taken via the infected computers. The Spanish word for butterfly is Mariposa, which is also the name of a virulent botnet that spread spam and carried out denial-of-service attacks. The FBI’s statement did not link Butterfly with Mariposa.

“Facebook’s security team provided assistance to law enforcement throughout the investigation by helping to identify the root cause, the perpetrators, and those affected by the malware,” the FBI said in a press release. “Yahos targeted Facebook users from 2010 to October 2012, and security systems were able to detect affected accounts and provide tools to remove these threats.”

Few other details were released. The suspects were rounded up in Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States, the FBI said.

Yahos isn’t the first malware to use Facebook as an infection vector. In late 2011, a worm made the rounds using stolen credentials to spam malicious links to users’ Facebook friends. The sites would download malware including the Zeus Trojan.

The most infamous Facebook malware was the Koobface worm, malware that includes a network of malicious Web servers, URL checkers, a CAPTCHA breaker, a rogue antivirus program, data stealers and search-result hijackers.
