The cyber crime division of Russia’s police force has arrested a man on suspicion of operating one of the world’s largest botnets.
The unnamed 22-year-old man created and operated a network of 6 million computers infected with malware designed to steal financial data, a statement from "Department K" alleges [translated by Google].
He is alleged to have stolen 150 million rubles (£3 million) by distributing banking Trojans, malware specifically designed to intercept credit card data and online banking details, including one known as Carberp. He allegedly transferred money from victims’ accounts, mostly based in Russia, to his own fake company accounts.
"On the money obtained by criminal means, [the] young man bought a luxury home in one of the resort towns of Russia, buying expensive foreign cars with premium and put money in legally operating businesses," Department K claims.
The arrest followed a ten month investigation by the department, with support from Russian anti-virus software vendor Dr. Web.
It is the latest arrest of a suspected botnet operator following collaboration between IT vendors and law enforcement authorities.
Microsoft, whose Windows operating system is the primary target of most botnet malware, has thwarted a number of botnets through legal, rather than technical, means. Earlier this year, it said an investigation in partnership with US police and financial service providers lead to the seizure of command and control servers for a 13 million PC-strong botnet, which had been used to steal $100 million over five years.
Last week, an academic paper whose authors include Cambridge University security professor Ross Anderson said that the amount of money spent on precautionary measures such as anti virus software would be better invested in fighting cyber crime.
"Cyber-frauds such as fake antivirus net their perpetrators relatively small sums, with common scams pulling in tens of pence per year per head of population," the paper claimed. "But the indirect costs and defence costs are very substantial – at least ten times that."
"The botnet behind a third of the spam sent in 2010 earned its owners around $2.7m, while worldwide expenditures on spam prevention probably exceeded a billion dollars," it claimed.
"We should perhaps spend less in anticipation of computer crime (on antivirus, ﬁrewalls etc.) but we should certainly spend an awful lot more on catching and punishing the perpetrators."