"In the last two years, the software used to create the Mariposa botnet was sold to hundreds of other criminals, making it one of the most notorious in the world," said FBI Director Robert S. Mueller in a press release. "These cyber intrusions, thefts, and frauds undermine the integrity of the Internet and the businesses that rely on it; they also threaten the privacy and pocketbooks of all who use the Internet."

The Spanish Guardia Civil arrested three suspected Mariposa Botnet operators in February (ip-192.com reported here and here). The suspected creator of the botnet was now arrested by the Slovenian police. "We are glad to cooperate with the United States; the FBI's assistance is invaluable and represents professional affirmation of our force," said the Slovenian Minister of the Interior Katarina Kresal and Slovenian Criminal Police director General Janko Gorsek in a joint statement. "This case shows that cyber crime issues call for international police cooperation that shouldn’t be hindered by geographical borders. The FBI has demonstrated a high level of collaboration in which our countries were equal partners, which was crucial for the success of the investigation and reducing the threat on a global level. This partnership serves as a solid basis for future cooperation."

Over the past two to three years, the creator of the Butterfly botnet did sell the virus to cybercriminals worldwide, allowing them to infect thousands of computers and create the Mariposa botnet.

"In the past 24 hours, McAfee identified a new threat that impacts Windows PCs. Researchers worked diligently to address this threat that attacks critical Windows system executables and buries itself deep into a computer’s memory," said McPherson. "McAfee is aware that a number of customers have incurred a false positive error due to this release. We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally and a fraction of that within the consumer base..."

Meanwhile, McAfee's Business Community blogger site and Twitter are awash with comments from angry users. It seemed that the National Science Foundation, hospitals, and local police stations were affected, among many others. Computers that used McAfee's VirusScan 8.7 started to reboot randomly after a critical Windows system file was flagged as a potential virus.

McAfee has posted an update to remedy the situation here. The site contains a link for further troubleshooting if users are unable to update their virus definitions.

The Spanish police arrested the masterminds behind one of the world’s largest botnets. "It was so nasty; we thought we have to turn this off. We have to cut off the head," said Chris Davis, CEO of Defense Intelligence Inc, which discovered the virus last year.

Mariposa was programmed to secretly take control of infected machines. The virus would steal login credentials and record every keystroke on an infected computer. "Basically they were going after anything that would make them money," Davis said. Mariposa initially spread by exploiting vulnerability in Microsoft Corp's Internet Explorer Web browser. It also contaminated machines by infecting USB memory sticks and by sending out tainted links using Microsoft's MSN instant messaging software, he said.

The arrested men have not been named beyond their screen names of netkairo, jonyloleante, and ostiator. They are said to be Spanish citizens in the 20s or early 30s.

While the botnets command and control centers have been dismantled, millions of computers remain infected.

The network, called Waledac, is thought to be controlled by Eastern European hackers and has been a major source of computer infections and spam over the past year. In a lawsuit filed Monday with the U.S. District Court of Eastern Virginia, Microsoft argues that VeriSign, which manages the domain, is a choke-point for the botnet.

"This action has quickly and effectively cut off traffic to Waledac at the '.com' or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world," Microsoft said in its blog post announcing the effort.

It is believed that the Waledac botnet did have the capacity to send over 1.5 billion spam emails per day. 651 million spam emails from Waledac went to Hotmail accounts alone during a three-week period in December 2009, according to Microsoft. The emails included offers and scams related to online pharmacies, jobs, penny stocks, and imitation goods.

"At Microsoft, we don't accept the idea that botnets are a fact of life," said Tim Cranton, associate general counsel at Microsoft, in a blog. "We are a founding member of the Botnet Task Force, a public-private partnership to join industry and government in the fight against bots. That's why I'm proud to announce that through legal action and technical cooperation with industry partners, we have executed a major botnet takedown of Waledac, a large and well-known spambot."

According to several reports, at least four variants of the worm have been written so far. They don't do anything other than install the wallpaper. However, BBC experts believe that the new worm could spawn more malicious variants in the future.

For now, the threat seems to be limited to owners of jail-broken (a term that refers to a hack that allows users to run software not approved by Apple on the iPhone) iPhones in Australia.

Its 21-year-old creator, Ashley Towns, who lives south of Sydney, says that he created the virus to raise the issue of security, according to Australia's ABC News Online. "This virus pretty much exploits people's laziness to change their password," he says.

It can be removed by changing the phone's password and deleting some files.