Facebook has just helped take down individuals responsible for a massive botnet that spread through social networks.
In an announcement by the US Federal Bureau of Investigation, the agency said that “Facebook’s security team provided assistance to law enforcement throughout the investigation by helping to identify the root cause, the perpetrators, and those affected by the malware.”
The botnet bosses taken down by the operation are connected to the Butterfly Botnet, which spread via the Yahos malware.
According to the FBI, 10 individuals from Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States were arrested in the operation to take down the Butterfly Botnet.
Facebook users were attacked by the malware “from 2010 to October 2012, and security systems were able to detect affected accounts and provide tools to remove these threats,” the FBI says.
The botnet itself was massive, with more than 11 million computer systems infected, the FBI says. Throughout its run, the Butterfly Botnet was responsible for more than $850 million in losses.
The botnet pilfered financial information like credit card numbers and bank information from the computers the Yahos malware infected. It also stole other information from the computers it infected.
Facebook said in a statement it posted on its site that its Security Team works with groups both within Facebook and in the computer security community at large to build secure systems and fight threats whenever they are identified.
“This week, we were fortunate enough to work with the Federal Bureau of Investigation (FBI) and other industry leaders in taking down the Butterfly Botnet, also known as Yahos and Slenfbot,” the social network added.
“While only a small subset of the 11 million computers infected had accounts on Facebook, our malware researchers were able to provide intelligence to law enforcement about the virus’ architecture and the perpetrators responsible, culminating in the arrests this week,” it explained further.
“The Yahos and Slenfbot viruses operated as a botnet – a collection of infected computers controlled by the virus’ owners. The viruses stole victims’ credentials, credit card information, and in some cases, spammed their Facebook friends. Law enforcement estimates total worldwide losses from this set of botnets to be approximately $850 million US Dollars,” Facebook noted.
According to Facebook, it began investigating the Yahos malware way back in 2010. In a simplified explanation of how Facebook worked on the case, it says: “Once we were able to identify affected accounts, we were able to mitigate the threats posed by these viruses. We provided free anti-virus software to remediate impacted accounts, and our anti-spam systems were able to block much of the malicious content. These anti-virus tools helped users clean up any infected devices and curbed the spread of the virus. As a result of our research, we were able to provide intelligence to law enforcement agencies about the capabilities and architecture of the malware.”
The FBI says that the investigation was conducted by its Cyber Division, International Operations Division, and its field offices in Albany, Baltimore, Boston, Charlotte, Cincinnati, Cleveland, Dallas, El Paso, Honolulu, Jacksonville, Los Angeles, Milwaukee, New Haven, New Orleans, Norfolk, Philadelphia, Pittsburgh, Sacramento, San Diego, San Juan, St. Louis, Tampa, and Washington Field.
The FBI also noted that the Department of Justice’s Computer Crime and Intellectual Property Section as well as the U.S. Attorney’s Office for the District of Hawaii, the U.S. Attorney’s Office for the Western District of Pennsylvania and the U.S. Attorney’s Office for the District of Columbia worked on the case.
The whole operation involved many other law enforcement agencies from around the world.
Apart from Facebook, the FBI also worked with Bosnia and Herzegovina’s Republika Srpska Ministry of Interior; Republic of Croatia, Ministry of Interior General Police Directorate, National Police Office for Suppression of Corruption and Organized Crime; New Zealand Police; Peruvian National Police; and the United Kingdom’s Serious Organised Crime Agency.
Facebook has warned, however, that the Butterfly Botnet may still not be finished for good even though “Facebook has seen no new infections since October 2012”.
Throughout the operation to defend the social network against the malware spreading through it, Facebook noted that the botnet’s operators were modifying and improving the Yahos malware to adapt to countermeasures.
“While the Yahos and Slenfbot botnets have been taken offline, some people’s devices may still be infected by malware,” Facebook says.
Facebook urges people to visit the Facebook malware checkpoint at http://on.fb.me/infectedMSE to check for the Yahos malware.
“At Facebook, our primary concern is keeping users and their data safe. We are proud of our continued work with law enforcement to ensure the perpetrators behind these threats and others are brought to justice, not simply shut out from our site,” the social network said in a statement.