Spanish authorities have arrested three men alleged to be behind the malignant Mariposa botnet, which had spread to almost 13 million PCs in less than a year.
The suspects were cornered when they tried to reactivate the network's command and control servers, which were deactivated by police in December, according to the AP.
PCs in over half of the Fortune 1000 largest companies were reportedly part of the network, which spanned 190 countries.
The arrested men have not been named beyond their screen names of netkairo, jonyloleante, and ostiator. They are said to be Spanish citizens with no criminal history. All three are in the 20s or early 30s.
Mariposa spread its malware via file sharing networks and Microsoft instant messaging programs, according to an analysis by Defence Intelligence, which has been investigating the network since last May.
The company found evidence that the botnet's controllers were making money by intercepting and spoofing Google Adsense URLs.
The malware was constantly updated by its controllers. While companies had been warning about the network since December 2008, Defence Intelligence found that only 6 out of 41 anti-virus vendors were capable of identifying Mariposa bots as of July last year.