Facebook announced their work to take down the ‘Lecpectex’ botnet on Tuesday. The information came via a blog post on the company’s website.

Alerted by Facebook on April 30th, Greek authorities arrested two suspects on July 3rd. The suspects “were in the process of establishing a Bitcoin “mixing” service to help launder stolen Bitcoins at the time of their arrest.”

The botnet, which was first detected in December 2013, compromised as many as 50,000 accounts and hijacked as many as 250,000 computers to send infected spam, steal passwords/wallet keys, and mine Litecoin.

In April, Facebook took action to takedown distribution, testing, and monetization accounts. Additionally Facebook adjusted their website to disrupt the botnet’s operations. These efforts apparently stymied the botnet’s controllers, and they expressed their displeasure:

“In May we noticed the command and control servers had started leaving notes for our team such as “Hello people.. :) <!- Designed by the SkyNet Team -> but am not the f***ing zeus bot/skynet bot or whatever piece of sh*t.. no fraud here.. only a bit of mining. Stop breaking my ballz..” Around the same time we also noticed that encryption keys used in the malware began to use phrases that appeared to be messages such as “pepeishereagain1” and “IdontLikeLecpetexName.”

The company thanked the Greek Cyber Crime Division for their help and professionalism.

Related articles across the web