Mariposa victims were present in more than 190 countries and the botnet also managed to snare computers in more than 40 major banks and entreprises, all of which are in the top 1000 companies in the world.

The scale of the intrusion of Mariposa amongst the global companies was such that it prompted Christopher Davis, chief executive of security firm Defence Intelligence, to tell the BBC that it would be easier to come up with a list of Fortune 1000 companies that haven't been compromised.

The team behind Mariposa had managed to exploit an unknown vulnerability in Microsoft's Internet Explorer browser to spread across P2P networks, USB drives and even Instant messaging links.

They managed to collect sensitive data from more than 800,000 people globally since the botnet came into operation and was only discovered in early 2009 before being completely closed down in December 2009.

The law enforcement authorities have disclosed that it was only after one of the criminals made a faux-pas by forgetting to mask his IP address that they managed to zero on the three criminals.

The Spanish authorities are looking for a fourth suspect who might be Venezuelan.

The people in custody did not design the malicious software behind the grid; they just bought it on the black market, a police spokesman said.

"We have not arrested the creator of the botnet. We have arrested the administrators of the botnet, the ones who spread it and were administering and controlling it," said Civil Guard Jose Antonio Berocal, in charge of Cybercrime, at Madrid conference.