Authorities in several countries have arrested a total of 10 people suspected of setting up a botnet of hijacked computers to steal personal information from millions of victims.
The arrests were made in the UK, Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru and the US.
The FBI and international agencies were helped in their investigations by Facebook, whose users were among those who had their computers hijacked, according to the New York Times.
The botnet was created by infecting computers, mainly through social networks, with malware called Yahos, which bypasses security software and enables criminals to steal personal data.
Authorities said that in the past few years, variants of Yahos have infected about 11 million computers and caused more than $850m in losses, not all tied to the people who were arrested.
Facebook’s internet threat researchers reverse engineered the malware and traced some of its activities to servers controlled by the suspects.
Facebook said its members made up only a small percentage of those affected, but users who were concerned about being infected could check their computers at http://on.fb.me/infectedMcA.
While the operation has been hailed as a major achievement for international authorities because the botnet was more than double the size of the DNSChanger botnet taken down last November, security researchers said it failed to tackle the real problem, which is poor security design in systems.
Businesses and consumers can reduce the risk associated with data theft through infected computers by following three principles, said Tal Be’ery, web research team leader at security firm Imperva.
- Safe behaviour: Not opening attachments or following links received from strangers, or even friends if the message comes “out of the blue” without any context.
- Block known malware with antivirus software: Having up-to-date antivirus software will help in blocking known viruses but will not necessarily detect new variants.
- Block unknown malware with data access monitoring: Monitoring database and file access for the organisation’s users, or routine checks for credit card bills for unexplained charges for home users.