British police have made the first European arrests connected to the spread of a data-thieving virus thought to have infected tens of thousands of computers worldwide, Scotland Yard said.
The electronic crimes unit of London's police force said a man and a woman, both 20, were arrested in Manchester on 3 November on suspicion of helping infect computers with programmes sometimes known as "Zbot" or "ZeuS."
One expert described the viruses as the "most notorious pieces of malware of recent times."
"This is one of the most frequent families of worms that we encounter," said Graham Cluley, a technology consultant with British security firm Sophos PLC.
"The ferocity with which it's been spammed out on occasions has really hit our radar."
Cluley said the Zbot family of viruses first came to his attention in 2007.
Since then it has periodically swept across the internet, stealing personal information from computers across the world and feeding it back to cyber-criminals.
The viruses are commonly known as Trojan Horses or Trojans because they sneak onto computers and attack them from the inside, harvesting millions of lines of data - including banking information, credit card numbers and social networking passwords.
The viruses spread by sending emails or other messages from infected computers, impersonating banks, tax officials, credit card companies or even friends and enticing potential victims to click on a link that downloads the Trojan.
Police said given the amount of information stolen "the potential financial gains to the culprits and losses to individuals and institutions are very substantial."
Cluley said it was impossible to know how much money had been lost to the viruses, adding that attacks were ongoing - including two big waves in the past week alone.
Police said the Manchester pair were arrested on suspicion of breaking Britain's fraud and computer laws. It said the arrests were the first in Europe - and among the first worldwide - to combat the spread of Zbot but did not provide further details.
The pair, who have since been released on bail, were not identified.