Eight people have been arrested in Russia on suspicion of stealing more than 60 million rubles (£1.3m) from at least 90 bank accounts.
According to blogger and University of Alabama director of research in computer forensics Gary Warner, the men are accused of using the Carberp Trojan that grants remote-control access to infected computers to steal data from them or to mask the origin of other attacks. The men were not named but are Moscow residents aged between 26 and 29.
The Russian authorities said they have been tracking the men since October 2011, and one of them was a known criminal with a record related to real-estate fraud.
A press release from the Ministry of Internal Affairs said the stolen money was held in several accounts and eventually withdrawn at various ATMs in Moscow.
The men are accused of having rented an office; confiscated equipment included computers thought to be used to spread the malware and access the victims' computers, and a large number of bank cards, as well as cash and "all kinds of documentation".
The malware was distributed by hacking into popular internet sites, including those of some prominent newspapers, and leaving 'traps'.
Warner said: “It is not known at this time how this arrest will impact other use of the Carberp Trojan. The Trojan continues to be active, with criminals continuing to take advantage of the lack of enforcement of domain name registration rules, and the gullibility of human computer users.”
Paul Ferguson, senior threat researcher at Trend Micro, said this was "welcome news" and renewed "optimism on international cyber crime prosecutions".
He said: “I just wanted to point out that this is yet another great example of international collaboration between both private industry research and international law enforcement. I certainly hope that we see more of this in the future, so that serious internet criminals do not think that they are outside the reach of the long arm of the law.
“We applaud the efforts and actions of the Russian authorities in this case, and we hope to see more international co-operative efforts to bring cyber criminals to justice around the world.”
Trend Micro's threat research into Carberp found victims in government, industry and academia. Ferguson described Carberp as a "particularly nasty" banking Trojan with the capability to install itself without administrator privileges, effectively defeating Windows 7 and Vista's User Account Control feature.