Police in Spain have arrested three men in connection with the Mariposa botnet, a network of malware-infected PCs that is reportedly the largest of its kind.
Mariposa was disabled in December 2009 when a working group of volunteers, some of which were security software vendors, managed to take over the ‘command and control’ servers that co-ordinate the network.
The working group gave police in Spain details of three alleged hackers who were controlling the botnet. One was arrested in January, and another two were arrested this week, it emerged today.
Previously, Mariposa had been used for a range of cybercriminal activity, including distributed denial of service attacks and data theft. According to Defense Intelligence, one of the companies that took part in the volunteer group, it had infected devices owned by half of the Fortune 100 companies and hundreds of government agencies.
The arrests follow a recent legal victory by Microsoft in which the software giant won the right to close down websites that were distributing malware linked to the Waledac botnet.
Despite these victories, however, botnets remain a powerful security threat. Last month, a new botnet – dubbed ‘Kneber’ – was found to have infected 74,000 PCs across 2,500 businesses and public sector organisations.
According to Microsoft, there are 3.8 million PCs infected with botnet-related malware. Most of these run on a Microsoft operating system, which is why it is pursuing legal recourse to combat botnets, the company says.
Speaking at the RSA Security conference in San Francisco this week, Microsoft security VP Scott Charney said that, as with diseases, tackling botnets will require social programs – such as education or even taxation – as well as technical solutions.