FBI nabs 10 for Yahos worm spread on Facebook

US and international law enforcement have charged 10 John Does with their connection to a global crime ring that infected 11 million computers.

The FBI announced Tuesday that the suspects helped operate the “Butterfly” botnet, which spread multiple variants of banking malware Yahos to victims worldwide, stealing credit card, bank account and other personal information. The attacks led to more than US$850 million in losses.

The worm targeted users on Facebook between 2010 and October of this year, often spreading through instant messages, the FBI said. The social networking site assisted law enforcement in its investigation of the cyber criminals behind the malware.

Individuals in the New Zealand, United States, Britain, Peru, Croatia, Macedonia and Bosnia and Herzegovina were arrested as part of a joint operation involving the FBI, U.S. Department of Justice and international authorities.

An FBI spokeswoman declined to say where the suspects will be prosecuted.

In April 2011, Security firm FireEye offered details about the worm, which was targeting Facebook and MySpace users. Researchers said the version they studied was a "modified form” of older malware, called “SdBot,” also known for spreading through IMs.

“Yahos uses Facebook's IM service to send fake messages to users' friends' list and urges them to visit an external website hosting malicious binaries,” FireEye said. Victims were often lured with IMs directing them to follow links to photos.

A spokesperson for Facebook was not available for comment.

This article originally appeared at scmagazineus.com