Greek police made two arrests last week in connection with a little-known spamming botnet called “Lecpetex”.
According to PC World, the botnet used hacked computers to mine the Litecoin virtual currency and affected as many as 50,000 Facebook accounts, and as many as 250,000 computers worldwide.
Facebook said the botnet creators taunted Facebook through messages left on servers that were part of its network, and launched at least 20 spam campaigns between December 2013 and June 2014 which affected Facebook and other online services.
Computers were affected by private messages containing a “.zip” attachment, which contained a Java JAR file or Visual Basic script. If executed, those files would then retrieve other malware modules stored on remote sites. The modules were either DarkComet, a widely used remote access tool that can harvest login credentials, or variants of software that mines the virtual currency Litecoin.
The Greek Cybercrime Subdivision was notified on April 30th and by July 3rd, Greece told Facebook that two suspects were in custody, and that they had been creating a Bitcoin “mixing” service to help launder their proceeds.