Authorities in Slovenia have arrested a man known by the Internet moniker "Iserdo" for allegedly creating and selling the Butterfly botnet kit used to help spread some of the most damaging and profitable malware in the world, including the infamous Mariposa botnet.
Working with the FBI and with assistance from security software vendors Panda Security and Defence Intelligence, Slovenian law enforcement agents nabbed the man suspected of selling thousands of Butterfly kits for between $650 and $2,000 to enterprising -- if unoriginal and marginally skilled -- malware purveyors who then used the kit to create botnets that have wreaked havoc at financial institutions, government agencies and businesses around the globe.
"Iserdo," 23, was apprehended in Maribor, Slovenia, last week and is currently free on bail and awaiting a court date in the Central European nation.
"In the last two years, the software used to create the Mariposa botnet was sold to hundreds of other criminals, making it one of the most notorious in the world," FBI Director Robert Mueller said in a statement. "These cyber intrusions, thefts, and frauds undermine the integrity of the Internet and the businesses that rely on it. They also threaten the privacy and pocketbooks of all who use the Internet."
Security experts said the Butterfly kit has been used to create almost 10,000 unique pieces of malicious software and more than 700 botnets. The proliferation of these relatively cheap and readily available malware kits has created something of a cottage industry for would-be hackers looking to make a quick buck without having to actually write malicious code capable of penetrating organizations' networks to create new botnets.
Security researchers at Defence Intelligence, based in Ottawa, Canada, and Spain's Panda Security had been monitoring the Butterfly kit for almost two years, digging deep into the code for clues that would eventually lead to the author's online identity. Both companies are members of the Mariposa Working Group, a consortium of private-sector security firms, academics and law enforcement agencies collaborating to find and arrest those responsible for creating and spreading the Mariposa botnet.
Thus far, Panda Security officials said, Mariposa has infected almost 13 million computers worldwide.
The group's efforts led to the March arrest of three Spanish men, dubbed the "Nightmare Days Team," allegedly responsible for masterminding the Mariposa botnet scam.
While law enforcement agencies are having success busting the people who created this particularly virulent botnet, they've had no luck tracking down those responsible for other malware epidemics -- most notably the notorious Conficker worm.
"As opposed to arresting the guy who broke into your home, we've arrested the guy that gave him the crowbar, the map and the best houses in the neighborhood," Jeffrey Troy, the FBI's deputy assistant director, said in a statement. "And that is a huge break in the investigation of cyber crimes."