SpyEye Malware Hackers Sentenced; Caused $1 Bil Losses
By Jef Cozza / Enterprise Security Today
PUBLISHED: APRIL 25 2016

Two of the hackers behind the infamous SpyEye malware attack were sentenced last week to a combined 24 years in prison. The attack was responsible for nearly $1 billion in losses in the financial industry around the world, according to the Federal Bureau of Investigation (FBI).

Aleksandr Andreevich Panin of Russia and Hamza Bendelladj of Algeria were perhaps more widely known by their online handles, Gribodemon and Bx1. Under those aliases, the two men helped develop and distribute the virulent software, which at one point was the preeminent banking malware Trojan in the world.

The Biggest Trojan in the World

SpyEye was used by a global syndicate of cybercriminals to infect more than 50 million machines between 2010 and 2012, according to the government. “It is difficult to [overstate] the significance of this case, not only in terms of bringing two prolific computer hackers to justice, but also in disrupting and preventing immeasurable financial losses to individuals and the financial industry around the world,” said John Horn, U.S. Attorney for the Northern District of Georgia, in a statement.

The FBI said the arrest and prosecution of the two men had effectively reduced to zero the threat of users falling victim to SpyEye. The malware was designed to automate the theft of confidential personal and financial information, such as online banking credentials, credit card information, usernames, passwords, PINs, and other personally identifying information.

SpyEye functioned by secretly infecting victims’ computers, enabling cybercriminals to remotely control the infected machines through command and control servers.

Once a computer was infected and under the hackers' control, cybercriminals remotely accessed the infected computers, without authorization, and stole victims’ personal and financial information through a variety of techniques, including Web injects, keystroke loggers, and credit card grabbers. The victims’ stolen personal and financial data was then surreptitiously transmitted to the command and control servers, where it was used to, among other things, steal money from the victims’ financial accounts.

1 Million Spam E-Mails

Panin was the primary developer and distributor behind SpyEye, according to the FBI. Panin developed SpyEye as a successor to the Zeus malware that had wreaked havoc on financial institutions around the world since 2009. In November 2010, Panin allegedly received the source code to Zeus from another hacker, known as Evgeniy Bogachev, currently the FBI’s most wanted cybercriminal.

Together with Bendelladj, Panin and Bogachev marketed and sold multiple versions of the tool to criminals online through forums such as Darkode. The FBI said Bendelladj’s arrest was one of the major factors contributing to the downfall of Darkode in 2013.

Bendelladj was also accused of sending more than 1 million spam e-mails containing strains of SpyEye and related malware to computers in the United States, as well as developing and selling add-ons for botnets, such as a spreader, Automated Transfer System, and Web injects. Those tools were designed to secretly automate the thefts of funds from victims’ bank accounts and proliferate the spread of malware, including SpyEye and Zeus.

Panin and Bendelladj, both 27, were sentenced in the U.S. District Court for the Northern District of Georgia. Panin was sentenced to nine years, six months in prison, while Bendelladj was sentenced to 15 years.

Image Credit: Artist's Concept/iStock.

William Smith:
Posted: 2016-04-30 @ 10:28am PT
I can't believe it, Aleksandr Andreevich Panin was such a good kid. I remember how he used to read the Bible every day. He accepted Jesus Christ as his personal savior years ago.

Sandy Laughlin:
Posted: 2016-04-25 @ 2:05pm PT
They need to serve ALL THE YEARS sentenced plus digging ditches as payment for their food.

© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.