Suspected Mariposa botnet author arrested

The arrest in the Mariposa case is the result of several months of painstaking effort by all three law enforcement operations and builds on the arrests of a trio of Slovenians earlier this year.

The man – known as Iserdo – is thought to be a close colleague of the three Slovenians – Florencio Carro Ruiz, Jonathan Pazos Rivera, and Juan Jose Bellido Rios – who were arrested in Spain in February following an investigation that was assisted by Luis Corrons, the technical director of Panda Security.

According to the FBI, the Mariposa botnet is the result of malware code created by Iserdo, who sources suggest sold an early version of the code to the trio arrested in February.

"In the last two years, the software used to create the Mariposa botnet was sold to hundreds of other criminals, making it one of the most notorious in the world", FBI director Robert Mueller said in a prepared statement.

FBI cybersecurity division assistant director Gordon Snow is quoted by the AFP newswire as saying he welcomed the co-operation of the Slovenian and Spanish authorities in the case.

"Cybercrime knows no boundaries, and without international collaboration, our efforts to dismantle these operations would be impossible", he said.

According to FBI director Mueller, over the last two years, the software used to create the Mariposa botnet was sold to hundreds of other criminals, making it one of the most notorious in the world.

"These cyber intrusions, thefts, and frauds undermine the integrity of the internet and the businesses that rely on it; they also threaten the privacy and pocketbooks of all who use the internet", he said.

Panda's Luis Corrons has been working closely with the Spanish police and the FBI to help track down Iserdo.

As reported previously by Infosecurity, Corrons' assistance culminated in the arrests of three Slovenians in February. Shortly after the arrests, Corrons revealed that two of the people arrested had actually applied for jobs with Panda.

In a security blog posting, Panda's technical director says that the arrested trio probably bought the Mariposa bot from Iserdo.

Corrons said in his blog that the FBI had asked his team not to discuss Iserdo.

In a complex web of hackery, Corrons says that Iserdo sold the Mariposa code to one of the three Slovenians arrested earlier this year.

The investigation into Mariposa is not over, says Corrons, as the Spanish police are still trying to arrest more people, whilst Iserdo "has been selling the bot to different people, who are creating new botnets".
