
SpyEye Banking Malware Mastermind Pleads Guilty

The man responsible for creating, maintaining and disseminating SpyEye, a banking Trojan that was able to seize personal account details, has pleaded guilty in an Atlanta, US court.

Russian national Aleksandr Andreevich Panin was identified after selling SpyEye to an undercover FBI agent. He was apprehended by Interpol in the Dominican Republic and extradited to Georgia, where he was arrested at Hartsfield-Jackson Atlanta International Airport.

SpyEye infected more than 1.4 million computers, according to the FBI, making off with banking login data. SpyEye botnets were also used for distributed denial of service (DDoS) attacks to take websites offline.

SpyEye sting

Panin allegedly worked alongside co-defendant Hamza Bendelladj, who was charged and extradited to the US from Thailand last year, selling different versions of the malicious software for between $1,000 and $8,500.

The crackdown on SpyEye formed part of Operation Clean Slate, which the FBI said was set up to go on the offensive against “the major cyber players who make botnets possible”.

“The next person you peddle your malware to could be an FBI undercover employee… so regardless of where you live, we will use all the tools in our toolbox – including undercover operations and extraditions – to hold cyber criminals accountable for profiting illicitly from US computer users,” said FBI executive assistant director Rick McFeely.

Whilst SpyEye largely targeted US bankers, UK users were also made to pay by the malware, itself a relative of Zeus, another financial data thief. In 2012, two men from the Baltic region were imprisoned in the UK for running a SpyEye operation that earned them £100,000.

Trend Micro helped law enforcement in bringing down the SpyEye masterminds. “Almost four years ago, the … team at Trend Micro began a particularly focused investigation into the person or people behind SpyEye. Over the intervening period, we mapped out the infrastructure used to support the malware, we identified weak points in that infrastructure and pursued a number of important leads pointing to the identities of individuals behind this pernicious banking Trojan,” said Rik Ferguson, vice president for security research at Trend.

“Once we felt that we had sufficient information we involved law enforcement who drove it to the successful conclusion you see today.”

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
