Spain busts ring accused of infecting 13 mln PCs

By Jim Finkle

BOSTON (Reuters) - Spanish police have arrested three men accused of masterminding one of the biggest computer crimes to date -- infecting more than 13 million PCs with a virus that stole credit card numbers and other data.

The men were suspected of running the Mariposa botnet, named after the Spanish word for butterfly, Spain's Civil Guard said on Tuesday. A press conference to give more details is scheduled for Wednesday.

Mariposa had infected machines in 190 countries in homes, government agencies, schools, more than half of the world's 1,000 largest companies and at least 40 big financial institutions, according to two Internet security firms that helped Spanish officials crack the ring.

"It was so nasty, we thought 'We have to turn this off. We have to cut off the head,'" said Chris Davis, CEO of Defense Intelligence Inc, which discovered the virus last year.

The security firms -- Defense Intelligence Inc. of Canada and Panda Security S.L. of Spain -- did not say how much money the hackers had stolen from their victims before the ring was shut down on December 23. Security experts said the cost of removing malicious program from 13 million machines could run into tens of millions of dollars.

Mariposa was programed to secretly take control of infected machines, recruiting them as "slaves" in an army known as a "botnet." It would steal login credentials and record every key stroke on an infected computer and send the data to a "command and control center," where the ringleaders stored it.

"Basically they were going after anything that would make them money," Davis said.

Mariposa initially spread by exploiting a vulnerability in Microsoft Corp's Internet Explorer Web browser. It also contaminated machines by infecting USB memory sticks and by sending out tainted links using Microsoft's MSN instant messaging software, he said.   Continued...