Three arrested in connection with Mariposa botnet

Slovenian police will hold a press conference on Friday to discuss the arrest of three men in connection the massive Mariposa botnet that was disabled late last year.

A 23-year-old man was arrested in Maribor, Slovenia, about 10 days ago, said Leon Keder, press officer for the Slovenian National Police. He has been released but is expected to be charged with computer-related crimes, Keder said. The U.S. Federal of Bureau of Investigation confirmed the arrest on Wednesday morning.

Two others were also arrested. Their names can't be released due to restrictions under Slovenian law, Keder said.

Millions of computers worldwide were infected with the Mariposa botnet code, which allowed hackers to siphon information from those machines and launch denial-of-service attacks against others.

FBI Director Robert S. Mueller said in March that Mariposa had infected the computers of Fortune 1000 companies and major banks. Mariposa's authors changed the botnet's code as frequently as every 48 hours in order to go undetected by security software.

But Mariposa's controllers made a mistake and used one of their real names to register domains that were used to control the bots. Although they used a private domain name registrar, the company cooperated with investigators.

Security researchers formed the Mariposa Working Group in order to take down the botnet. Its command-and-control servers were disabled in December, and the group passed information to law enforcement agencies in Spain and the U.S. In March, Spain arrested three men in connection with Mariposa.

Send news tips and comments to jeremy_kirk@idg.com

FREE Computerworld Insider Guide: IT Certification Study Tips
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies