Facebook Teams With Federal Authorities to Bust $850 Million Botnet

By Brian Prince  |  Posted 2012-12-12

Federal authorities joined forces with the Facebook security team to catch 10 people accused of being involved in a massive $850 million cyber-crime operation.

The investigation stretched across the globe, involving the FBI and the U.S. Department of Justice as well as law enforcement officials from other countries in a case that ultimately led to the arrests of 10 individuals from Bosnia, Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom and the United States. According to the FBI, the operation identified cyber-crime rings linked to variants of the Yahos malware used as part of the Butterfly botnet. The malware is linked to more than 11 million compromised computer systems and more than $850 million in losses.

Once on the system, the malware steals the victim's credit card numbers, banking information and other personally identifiable data. From 2010 to October, Yahos was used to target Facebook users, the FBI said. When the situation was detected, Facebook's security team began providing assistance to law enforcement to identify the perpetrators as well as those affected by the malware.

"Facebook's Security Team is vigilant against any threats that target our site and the internet at large," the company said in a statement. "Every day, our team works to protect the people who use our site and their data from spam and malware. The Security Team partners with groups both within Facebook and in the computer security community at-large, to build secure systems and fight threats wherever we find them.

"This week, we were fortunate enough to work with the Federal Bureau of Investigation (FBI) and other industry leaders in taking down the Butterfly Botnet, also known as Yahos and Slenfbot," the company said.

According to Facebook, the Yahos and Slenfbot viruses operated as a botnet. In 2010, Facebook's automated systems identified accounts affected by the malware. Once the affected accounts were identified, Facebook provided free anti-virus software to remediate the issue, and used its anti-spam systems to block much of the malicious content.

"As a result of our research, we were able to provide intelligence to law enforcement agencies about the capabilities and architecture of the malware," according to the company. "Facebook has seen no new infections since October 2012."

Facebook warned that while the Yahos and Slenfbot botnets have been taken offline, some victims' devices may still be infected by malware. Facebook users concerned that their computer or network may be compromised can proactively check by visiting the Facebook malware checkpoint.

"If your computer is infected, the free anti-virus software offered will safely remove it," the company said.

"It is recommended that computer users update their applications and operating system on a regular basis to reduce the risk of compromise and perform regular anti-virus scanning of their computer system," the FBI said. "It is also helpful to disconnect personal computers from the Internet when the machines are not in use. Computer users who believe they have been victimized should file a complaint with the FBI’s Internet Crime Complaint Center at www.ic3.gov."
