Slovenian police will hold a press conference on Friday to discuss the arrest of three men in connection the massive Mariposa botnet that was disabled late last year.
A 23-year-old man was arrested in Maribor, Slovenia, about 10 days ago, says a press officer for the Slovenian National Police. He has been released but is expected to be charged with computer-related crimes, the officer says. The US Federal of Bureau of Investigation confirmed the arrest on Wednesday morning.
Two others were also arrested. Their names can't be released due to restrictions under Slovenian law.
Millions of computers worldwide were infected with the Mariposa botnet code, which allowed hackers to siphon information from those machines and launch denial-of-service attacks against others.
FBI Director Robert S Mueller said in March that Mariposa had infected the computers of Fortune 1000 companies and major banks. Mariposa's authors changed the botnet's code as frequently as every 48 hours in order to go undetected by security software.
But Mariposa's controllers made a mistake and used one of their real names to register domains that were used to control the bots. Although they used a private domain name registrar, the company cooperated with investigators.
Security researchers formed the Mariposa Working Group in order to take down the botnet. Its command-and-control servers were disabled in December, and the group passed information to law enforcement agencies in Spain and the US. In March, Spain arrested three men in connection with Mariposa.