Computer crime doesn't pay in the long run
For malicious users, botnets represent one of the most lucrative get-rich-quick schemes. The premise is relatively straightforward: craft a virus that exploits vulnerabilities in the most widely used operating systems and infect as many machines as possible. Once you have a mass of infected computers reporting to your command-and-control servers, they can be rented out as a for-hire army to perform such insidious tasks as mass spam mailing, mass theft of financial information, and denial-of-service attacks.
The key weakness of the scheme is that a large botnet is easy to spot, and it is frequently run by just a couple of individuals. Take down those individuals and you can take down the botnet. That is exactly the kind of breakthrough the FBI just made in the case of the botnet formed by the Mariposa virus (mariposa is Spanish for butterfly).
The Mariposa virus was first launched in December 2008. It quickly infected computers at half of the Fortune 1,000 companies and at least 40 major banks.
After the botnet was taken down in late 2009, Spanish authorities working with the FBI arrested three individuals in Spain who had been operating it; at that point it consisted of 12.7 million infected computers. Now, in a case worked with the FBI, a hacker in Maribor, Slovenia, who goes by the handle Iserdo has been arrested; he allegedly wrote the virus.
Jeffrey Troy, deputy assistant director of the FBI's cyber division, states: "To use an analogy here, as opposed to arresting the guy who broke into your home, we've arrested the guy that gave him the crowbar, the map and the best houses in the neighborhood."
The Mariposa botnet was primarily used to steal financial information from the infected victims. It may actually have been designed for a smaller infection, but it inadvertently spread to many more machines than its operators planned for. Trend Micro security advisor Rik Ferguson comments, "The guys behind it said it was more successful than they had intended it to be. As is the case with most botnets, the more widespread they are the more likely they are to be discovered. They were a victim of their own success."
Ferguson says the takedown of Mariposa leaves the Conficker botnet as likely the world's largest. There are an estimated 6 million Conficker-infected machines, down from a peak of 12 million. While there are many smaller botnets, Conficker may be the last remaining huge botnet whose operators are still at large.
Despite the FBI's success in taking down botnets, Ferguson says the industry supporting botnets is still thriving. He states, "The thing with the underground economy is that it's full of niche vendors and players, it mirrors legitimate business. There's a lot of competition - it's not unusual to see malware designed to remove other malware, just so that it can take over."