A month has passed since the Mariposa malware author was arrested in Slovenia, and more details about the case have surfaced in the meantime.
The Slovenian police says that they have performed several house searches and confiscated 75 pieces of computer equipment. They detained two suspects (aged 23 and 24), who are facing charges for creation of tools that enable computer crime and money laundering.
According to Panda Security, that’s all the information that the police has shared with the public. But, the media mounted its own investigation and unearthed the identities of the two suspects.
According to them, “Iserdo” is failed medicine student Matjaz Skorjanc from Maribor, Slovenia. The other suspect is a girl – Nusa Coh (“L0La” on IRC), also from Maribor, who has apparently been collecting some of the payments made through Western Union for Skorjanc. It is still unclear if she knew what the money was for.
A third person was also investigated, but not arrested. Dejan Janzekovic, a system administrator with a Slovenian telecom company and ISP, was apparently investigated because Iserdo sometimes used his picture as his identification and he and L0La were classmates in high school.
When Iserdo and L0La were arrested, the website that Iserdo used to promote and sell his “butterfly” bot was taken down. Some weeks after that it was back online, only to be taken down again by the hosting company following a takedown request from Slovenian CERT.
Netkairo and Ostiator – the two Spanish Mariposa botnet operators – have yet to be charged.