Spanish authorities say they have nabbed the hackers behind the Mariposa botnet. The botnet, which was developed for large-scale theft of information, took control of more than 13 million computers in 190 nations.

Three Spanish citizens identified by initials, F.C.R., 31, of Balmaseda; J.P.R., 30, of Molina de Segura; and J.B.R., 25, of Santiago de Compostela, were arrested for their role in creating the network Relevant Products/Services, according to the Guardia Civil. The botnet stole personal and sensitive information, including banking and credit-card data Relevant Products/Services, passwords and usernames.

The alleged hackers attracted attention from the FBI, the Guardia Civil, and experts at Panda Security and Georgia Tech's Information Security Center who began monitoring the network last September. During the monitoring, authorities said, one of the three accused hackers logged in without blocking his computer address. His computer was then linked to the other accused hackers.

Authorities discovered 800,000 pieces of personal data on the computer of one of the individuals arrested and expect to make additional arrests, they said.

Soaring Butterfly

Mariposa, which means butterfly in Spanish, tapped into tens of thousands of unique networks and infected 50 of the Fortune 500 companies. It also tapped into two of the three American credit bureaus, according to Defence Intelligence, the Canadian company that first discovered the virus.

Mariposa was not categorized by experts as a virus or a Trojan. Instead, the malicious software becomes whatever it is commanded to be by the person or persons controlling the botnet. There are more than 70 variants of the malware, each with a different purpose, according to security Relevant Products/Services experts.

The malware was designed to dodge detection by traditional security measures, including antivirus detection systems.

The Guardia Civil described the accused trio as having no criminal background and little technical skills. Security experts said it took only searching to get the resources needed to design the attack Relevant Products/Services.

A Botnet Kit

Mariposa was based on the Butterfly botnet kit, which can be readily bought online, according to Jart Armin, a security expert with Host Exploit.

"It would appear the individuals reported as being arrested would not need to be highly skilled, as the kit would do all the work, and they were the Spanish affiliates for the use of this particular piece of crimeware," he said.

"Due to the detected responses and signatures, the malware almost certainly was German in origin," Armin added. "Mariposa was not original. It did, however, have a specialized focus by spreading via instant messaging and compromising systems to provide full control."