Europol tackles ZeuS, SpyEye banking Trojan cybercrime ring

Arrests, equipment seizure and searches have taken place across multiple countries to eradicate the cybercrime threat.

new-locker-crypto-repents-imagecredsymantec.jpg
Symantec

Europol has cracked down on a cybercrime ring believed to have developed and distributed malware designed to steal valuable financial information.

Announced last week, Europol's latest cybercrime sting -- conducted with the help of partners in Estonia, Latvia, Germany, Moldova, Poland, Ukraine and the US, resulted in the arrest of five suspects stemming from eight house searches and the seizure of computer equipment in multiple cities across Ukraine.

The joint operation, between Europol and Eurojust, focused on arresting suspects believes to have developed, exploited and distributed ZeuS and SpyEye malware. These two malware families are well-known banking Trojans used by botnets and phishing campaigns worldwide.

See also: ZeuS variant strikes 150 banks worldwide

"The cybercriminals used malware to attack online banking systems in Europe and beyond, adapting their sophisticated banking Trojans over time to defeat the security measures implemented by the banks. Each cybercriminal had their speciality and the group was involved in creating malware, infecting machines, harvesting bank credentials and laundering the money through so-called money mule networks," Europol says.

In addition, underground forums were used to trade stolen credentials, compromised bank account information and malware, and the group also sold their own hacking services and looked for new partners in cybercrime.

Europol says the cybercrime ring was "extremely" active and has infected tens of thousands of PCs -- as well subsequently targeting major banks. The damage caused by the cybercrime ring is believed to be at the €2m mark.

On 18 and 19 June, law enforcement arrested the suspects as part of a long-running investigation revolving around cybercrime in Europe which was launched in 2013 by JIT members (Austria, Belgium, Finland, the Netherlands, Norway and the United Kingdom) to take down cybercriminals.

The total number of cybercriminals now arrested has reached 60, and JIT says the group has enjoyed "significant operational successes." The organization has collected terabytes of data as part of the investigation, which will now be used to track down other suspects.

Rob Wainwright, Director of Europol commented:

"In one of the most significant operations coordinated by the agency in recent years Europol worked with an international team of investigators to bring down a very destructive cybercriminal group.

With our international partners, we are committed to fighting the threats brought about by malware and other forms of cybercrime, to realise safer technology infrastructures and online financial transactions for businesses and people the world over."

Earlier this year Europol took down the Beebone botnet, which is estimated to have infected over 12,000 computers with banking-based Trojans and additional malware. The organization used a technique called "sinkholing" to disrupt the botnet -- in other words, the team registered, suspended and seized domain names linking the command-and-control (C&C) center's communication channels to victim PCs. Europol called the botnet a "sophisticated" example due to its daily updates and software insurance policies against removal.

Read on: Top picks

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All