The botnet of a 22-year-old hacker arrested last week consisted of more than 4.5 million computers, making it the largest publicly known botnet to date, Russian police said.
The hacker used banking Trojans to steal 150 million roubles, almost £2.9 million or $4.5 million, from private individuals and organizations.
The hacker known as “Hermes” and “Arashi” in online communities and used variants of Carberp and similar Trojans to commit the crimes. The Trojan stole users’ access credentials and used them to transfer money to bogus companies. Helpers then withdrew the stolen money from cash points. Most of the victims were Russian nationals.
Overall, the Trojan infected more than six million computers. On some days, more than 100,000 new computers ended up recruited.
“Hermes” also rented out the botnet to third parties (Google translation), according to the Russian Interior Ministry.
The authorities said the arrest of “Hermes” and other members of his hacker group came with the assistance of anti-virus company Dr. Web. Most of the accomplices lived in Moscow and St. Petersburg while police arrested “Hermes” in Southern Russia.