How the butterfly botnet was broken

At its height, the Mariposa botnet consisted of about 13 million computers in 190 countries. A joint operation by researchers from Canadian security firm Defence Intelligence and Spain's PandaLabs, in conjunction with the U.S. FBI and the Guardia Civil, led to the arrest of three men in Spain earlier this month in connection with the Mariposa botnet.
The men, who had no specific computer training, are believed to have played a part in operating the command-and-control servers for the botnet, according to PandaLabs' technical director Luis Corrons, who spoke to ZDNet Asia's sister site ZDNet UK about "Mariposa"--which means butterfly in Spanish--following the arrest of the three men.
Q: When did security researchers start tracking the botnet?
A: It started in May 2008. Defence Intelligence noticed companies were getting infected and found a new botnet, which was Mariposa. They started an investigation and found links to Spain. They found that some of the command-and-control servers were located in Spain. Defence Intelligence was monitoring bots that were infected and were trying to connect. Different domains seemed to be located in Spain, so Defence Intelligence contacted us.
Read more of "How the butterfly botnet was broken" at ZDNet UK.