Facebook Helps FBI Bring Down Butterfly Botnet
December 12, 2012

Butterfly Botnet Brought Down Thanks To Help From Facebook

Michael Harper for redOrbit.com — Your Universe Online

Like any other destination online, Facebook can be a very dangerous place. Aside from their ever-shifting privacy policies and settings, their more than 1 billion users are quite attractive to those given to cyber thievery. Scams are nothing new to Facebook users, and to the social giant´s credit, they work very hard to keep criminals away from their site.

Today, it was announced that Facebook had a hand in helping the FBI arrest those responsible for a botnet which is said to have stolen as much as $850 million from Facebook users, reports BBC News.

All told, the FBI worked with other global law agencies to bring in 10 people all over the world, such as Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, the US and the UK.

Those people arrested were found to be running a second iteration of the Butterfly botnet, using Yahos malware in order to steal banking and credit card information from Facebookers.

“Facebook´s security team provided assistance to law enforcement throughout the investigation by helping to identify the root cause, the perpetrators, and those affected by the malware,” the FBI said in a statement.
“Yahos targeted Facebook users from 2010 to October 2012, and security systems were able to detect affected accounts and provide tools to remove these threats.”

While exact details about the way these cybercriminals operated are slim, it´s likely they used methods similar to other botnet and malware operations. The Yahos malware has been found to gather personal information (such as bank account numbers and credit card numbers) from a user´s computer. The people running the software can then take this information and use it for themselves or sell it to other thieves online. Yahos also enlists these users into the Butterfly Botnet, which is responsible for enlisting even more users and obtaining their information as well. Those criminals which were arrested in this cybercrime ring likely used their botnet to control the computers of those enlisted, sending them to Facebook and creating spammy links. When a friend of this user clicks on the link, the Yahos malware is loaded onto their machine, and the process begins again.

All told, the Butterfly botnet is said to have been 11 million computers strong.

Facebook and The FBI also worked with Britain´s Serious Organised Crime Agency (SOCA) to help pin down a British suspect.

"SOCA officers executed a search warrant at an address in Molesey, Surrey, on the morning of 11 December, following which a man was arrested on suspicion of offenses under the Computer Misuse Act. He was later bailed pending further inquiries,” explained a spokesperson for the agency to The Telegraph.

Facebook isn´t immune to hoaxes and scams. Its users have had to be aware of clicking suspicious links or sharing too much of their information for years.

As such, Facebook´s security team has to be diligent in looking for these cybercriminals and helping law enforcement agencies bring them to justice. At the beginning of the year, Facebook´s security team helped identify the gang behind “Koobface,” a piece of malware which had been targeting Facebook users since 2008. Though the gang remains at large, Facebook was able to deactivate the command & control server. The Facebook security team was granted a favor in this situation when one of the members of this group checked into their St. Petersburg offices on Foursquare.