Europol tackles ZeuS, SpyEye banking Trojan cybercrime ring

Arrests, equipment seizure and searches have taken place across multiple countries to eradicate the cybercrime threat.
Written by Charlie Osborne, Contributor on

Europol has cracked down on a cybercrime ring believed to have developed and distributed malware designed to steal valuable financial information.

Announced last week, Europol's latest cybercrime sting -- conducted with the help of partners in Estonia, Latvia, Germany, Moldova, Poland, Ukraine and the US, resulted in the arrest of five suspects stemming from eight house searches and the seizure of computer equipment in multiple cities across Ukraine.

The joint operation, between Europol and Eurojust, focused on arresting suspects believes to have developed, exploited and distributed ZeuS and SpyEye malware. These two malware families are well-known banking Trojans used by botnets and phishing campaigns worldwide.

See also: ZeuS variant strikes 150 banks worldwide

"The cybercriminals used malware to attack online banking systems in Europe and beyond, adapting their sophisticated banking Trojans over time to defeat the security measures implemented by the banks. Each cybercriminal had their speciality and the group was involved in creating malware, infecting machines, harvesting bank credentials and laundering the money through so-called money mule networks," Europol says.

In addition, underground forums were used to trade stolen credentials, compromised bank account information and malware, and the group also sold their own hacking services and looked for new partners in cybercrime.

Europol says the cybercrime ring was "extremely" active and has infected tens of thousands of PCs -- as well subsequently targeting major banks. The damage caused by the cybercrime ring is believed to be at the €2m mark.

On 18 and 19 June, law enforcement arrested the suspects as part of a long-running investigation revolving around cybercrime in Europe which was launched in 2013 by JIT members (Austria, Belgium, Finland, the Netherlands, Norway and the United Kingdom) to take down cybercriminals.

The total number of cybercriminals now arrested has reached 60, and JIT says the group has enjoyed "significant operational successes." The organization has collected terabytes of data as part of the investigation, which will now be used to track down other suspects.

Rob Wainwright, Director of Europol commented:

"In one of the most significant operations coordinated by the agency in recent years Europol worked with an international team of investigators to bring down a very destructive cybercriminal group.
With our international partners, we are committed to fighting the threats brought about by malware and other forms of cybercrime, to realise safer technology infrastructures and online financial transactions for businesses and people the world over."

Earlier this year Europol took down the Beebone botnet, which is estimated to have infected over 12,000 computers with banking-based Trojans and additional malware. The organization used a technique called "sinkholing" to disrupt the botnet -- in other words, the team registered, suspended and seized domain names linking the command-and-control (C&C) center's communication channels to victim PCs. Europol called the botnet a "sophisticated" example due to its daily updates and software insurance policies against removal.

Essential Firefox Add-ons to improve your productivity

Read on: Top picks


Southwest Airlines has cancelled 20,000 flights. Now for the really bad news

Southwest Airlines has cancelled 20,000 flights. Now for the really bad news

How to stop spam messages on your iPhone with this almost-secret hidden switch

How to stop spam messages on your iPhone with this almost-secret hidden switch

How to clean any flat screen TV or monitor

How to clean any flat screen TV or monitor