Tech

SpyEye malware creators to spend 24 years behind bars

A Russian and Algerian hacking team accused of developing malware which targeted banks have landed a hefty sentence for their acts.

Written by Charlie Osborne, Contributing Writer April 22, 2016 at 2:48 a.m. PT

Two hackers convicted of creating and distributing the SpyEye malware in order to steal cash from unwitting victims have been sentenced to a combined 24 years and six months in prison.

Aleksandr "Gribodemon" Andreevich Panin from Russia and Algerian Hamza "Bx1" Bendelladj developed the spyware for use in attacks against the financial industry, leading to organizations losing hundreds of millions of dollars worldwide.

The 27-year-olds were handed their sentences after standing in front of US federal judge Amy Totenberg in Atlanta.

Prosecutors said on Thursday the two were behind the banking Trojan, which was used in attacks in 2010 - 2012. The malware was made available to cybercriminals worldwide, resulting in the infection of over 50 million computers and almost $1 billion in "financial harm" to both individuals and companies.

SpyEye is a sophisticated banking Trojan which proved popular with cyberattackers. The malware was designed to steal valuable financial credentials, including usernames, passwords, PIN codes and personally identifiable information for use in breaking into online banking systems.

When the malware payload was delivered to a vulnerable Windows computer, usually through malicious downloads or web injections, SpyEye would lurk and steal information, as well as provide a conduit for hackers remotely to access the compromised PC through the malware's command and control (C&C) server.

The data would be transferred to the C&C server, where the controllers could use this information to break into online financial accounts and fraudulently transfer or spend funds.

According to US prosectors, Panin was the brains behind the outfit, having designed and distributed the malicious code as a successor to Zeus, a well-known Trojan which also caused havoc in the finance industry.

It is believed that Panin was able to acquire the source code and distribution rights of Zeus from Evginy "Slavik" Bogachev, and many of Zeus's features were then incorporated into SpyEye.

Security

Bogachev is currently on the FBI's most wanted list for his alleged role in creating and selling Zeus. The hacker remains free and has stayed out of the FBI's grasp.

Bendelladj acted as Panin's business partner, both helping Panin sell tailored versions of SpyEye on underground forums and conducting spam campaigns to increase infection rates. In addition, law enforcement says the Algerian developed and sold plugins for botnets, giving these networks of slave computers an extra, damaging factor -- the automatic theft of funds from compromised victim accounts.

After being charged with counts of conspiracy to commit fraud, computer fraud, wire fraud and bank fraud, Panin has been sentenced to nine years and six months in prison, with three years of supervised release afterwards. Bendelladj will serve a term for 15 years in prison as well as an additional three years of supervised release.

J. Britt Johnson, Special Agent in Charge, FBI Atlanta Field Office commented:

"Through these arrests and sentencing, the risk the public unknowingly faced from the threat posed by the imminent release of a new highly sophisticated version of SpyEye was effectively reduced to zero.
The arrests and sentences serve as a strong deterrent to future malware developers and their customers, regardless of where they are located."