Law enforcement officials in Greece arrested two people last week who they believe were responsible for operating a botnet called Lecpetex. The hackers reportedly infiltrated up to 50,000 Facebook accounts and some 250,000 computers, which were used to mine Litecoins, a popular alternative virtual currency similar to Bitcoins.
As outlined in a blog post, Facebook’s Threat Infrastructure team has been working with several industry partners over the last seven months to eradicate the botnet. It took that long to bring down Lecpetex primarily because it had multiple technical features that made it more resilient to analysis and disruption efforts.
For example, its authors made continuous changes to the malware to avoid detection by anti-virus software.
The method of infection wasn’t all that clever, however. The operators simply sent spam messages to thousands (maybe millions) of users, and those who didn’t know any better opened the attachments, ultimately infecting their computers.
Those behind Lecpetex eventually caught on to Facebook’s efforts to shut it down, even leaving notes on command-and-control servers proclaiming their innocence. On April 30, the social network reached out to Greek police, who quickly launched an investigation. By July 3, two suspects had been taken into custody.
Facebook’s post goes into a lot more detail than we have time to cover here. If you’re interested in the finer details of the botnet, feel free to pop over and check out the full post.