FBI, Facebook Team Up to Fight 'Butterfly Botnet'

FBI, Facebook join forces to fight "Butterfly Botnet" cyber attack.

ByABC News
December 12, 2012, 4:46 PM

Dec. 12, 2012— -- The FBI says a "Butterfly Botnet" cyber attack targeted 11 million computer users around the world and was responsible for over $850 million in losses. The malware program gained access to many individual computers through Facebook, and was able to steal computer users' credit card and bank account numbers and other valuable information. The attacks occurred between 2010 and October 2012.

Botnet is shorthand for a robot network, made up of compromised computers that can be used by cyber criminals to distribute spam or malware or to steal information from private users and networks.

The FBI credited Facebook's security team with helping to identify the "root cause, the perpetrators, and those affected by the malware." ABC News asked Facebook how many users were affected, and spokesman Frederic Wolens responded in an email, "We are not disclosing exact figures at this time, but it was a much smaller subset of users than the 11 million stat quoted (by the FBI)."

The FBI says the investigation identified international cyber crime rings that allegedly used variants of a piece of malware called Yahos to invade personal computers worldwide. Variations of the Yahos malware are known to attack through instant messaging platforms, often prompting users with fake messages from someone on their "friends" list. A click then sends the user to an external site that installs the malware, and the computer becomes part of the botnet.

Cyber security expert Mark Rasch tells ABC News that social networks are prime targets of cyber criminals. "If your goal is to distribute malware widely with the illusion of trust, Facebook and Twitter would be ideal vectors," Rasch said.

Facebook spokesman Wolens said the social network was able to block many of the attempted malware attacks.

"Any Facebook user that we detected as infected was put through our malware checkpoint and our anti-spam systems were able to block any content we identified as originating from this malware," Wolens wrote. "We were able to build detection and remediation tools very quickly, however, the vast majority of the infections occurred 'out of band' (I.E. not on Facebook) so we did not have full visibility into the attack.

And Wolens said Facebook users who were the victims of an attack got help. "Whenever we were able to detect an infected account we check pointed the user and helped them remediate their affected devices, but we only had limited insight into new infections."

The FBI and international law enforcement picked up some of the botnet suspects overnight, but no criminal charges have been publicly filed. The FBI says the investigation is far-flung and complex. The FBI's Cyber Division, International Operations Division, and no fewer than 23 U.S. field offices are involved in the case. In addition, the FBI has received assistance from law enforcement agencies in Bosnia and Herzegovina, Croatia, Britain, New Zealand and Peru. An FBI spokesman told ABC News some details are being kept under wraps because the investigation is continuing.

"The most important thing about this attack is that there was international cooperation and they apparently found the people behind it," cyber security expert Mark Rasch said. "Fighting cyber criminals may at times be a losing battle, but it's a battle we have to keep fighting."

Meanwhile, Facebook has launched a partnership with a number of anti-virus companies to help provide users with protection from malware. The link is: https://www.facebook.com/notes/facebook-security/expanding-the-facebook-av-marketplace/10151060808670766