Slovenian hackers investigated in Mariposa botnet probe

Butterfly
According to regional press reports, three Slovenian men are being investigated as part of an international probe into one of the world’s biggest botnets, which compromised millions of computers world.

Homes have been searched and “a large number” of computers seized in the Slovenian city of Maribor, where the young men attended the faculty of computer science. The FBI, working with local law enforcement agencies, believe that the men played a key role in the Mariposa botnet.

The Mariposa botnet (named after the Spanish word for “butterfly”) was shut down in late 2009, and arrests were subsequently made in Spain of hackers using nicknames such as “Netkairo”, “jonyloleante” and “ostiator”.

It was reported at the time that the Mariposa botnet compromised almost 13 million computers in more than 190 countries (including, allegedly, infiltrating 50 of the world’s Fortune 100 companies) – making it a huge cybercriminal operation.

Sign up to our free newsletter.
Security news, advice, and tips.

The computers were recruited into the botnet after being infected by a polymorphic family of malware called W32/Rimecud, which spread itself via a number of methods including copying itself to removable storage devices, instant messaging and P2P file-sharing systems.

If the police are correct, the Slovenian hackers created this malware and sold it to their counterparts in Spain.

The rewards to be made from running a botnet (through stealing credit card information and passwords, or sending spam or popping up irritating adverts) can be huge – but criminals need to learn that the punishments can also be severe.

We expect more information about the investigation to become available in the coming days.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.