The Metropolitan Police's Central e-Crime Unit (PCeU) have made the first arrests in Europe's fight against the Zeus (or Zbot) Trojan.
At the beginning of this month, the PCeU, with help from the Greater Manchester Police, arrested a man and woman both 20 years old. They were held under the 1990 Computer Misuse Act and the 2006 Fraud Act.
The Met Police said that the arrests in connection with Zeus represented some of the first in the world, and the first in Europe to combat its distribution and control.
The malware works by infecting computers surreptitiously, often through spam and social engineering, accessing financial information that allows criminals to steal money from bank accounts.
Data taken can include online bank account details, credit card numbers as well as social networking passwords.
Recent figures from RSA said that the Zeus Trojan is available to buy for $1,000. It is also available to rent, and easy to use.
In a statement, Detective Inspector Colin Wetherill said that Zeus had already obtained huge quantities of sensitive information from thousands of compromised computers around the world.
"The arrests represent a considerable breakthrough in our increasing efforts to combat online criminality," he said.
Graham Cluley of security firm Sophos said that Zeus wasn't just one piece of malware, but a family with many different members adopting different disguises to infect users.
"Furthermore Zbot hijacks your computer, making it part of a criminal botnet," he said in a statement.
"If the police have begun to unravel the Zbot gang then that's something that should definitely be applaud," he added.
It's the second success in a week for the PCeU, which also saw four members of a criminal gang sent down for a combined total of 13 years.
