Wednesday, January 29, 2014

SpyEye Malware Mastermind Pleads Guilty

Botnet Bust

January 28, 2014

Today, Russian national Aleksandr Andreevich Panin pled guilty in an Atlanta federal courtroom to a conspiracy charge associated with his role as the primary developer and distributor of malware—called SpyEye—created specifically to facilitate online theft from financial institutions, many of them in the U.S.

SpyEye infected more than 1.4 million computers—many located in the U.S.—obtaining victims’ financial and personally identifiable information stored on those computers and using it to transfer money out of victims’ bank accounts and into accounts controlled by criminals.

Ultimately, though, Panin sold his malware online to the wrong customer—an undercover FBI employee. And after an investigation involving international law enforcement partners as well as private sector partners, a dangerous cyber threat was neutralized.

How the conspiracy operated. From 2009 to 2011, Panin conspired with others, including co-defendant Hamza Bendelladj (charged and extradited to the U.S. last year), to advertise and develop various versions of SpyEye in online criminal forums.

One ad described the malware as a “bank Trojan with form grabbing possibility,” meaning it was designed to steal bank information from a web browser while a user was conducting online banking. Another ad said that the malware included a “cc grabber,” which scans stolen victim data for credit card information.

Panin sold the SpyEye malware to more than 150 “clients” who paid anywhere from $1,000 to $8,500 for various versions of it. Once in their hands, these cyber criminals used the malware for their own nefarious purposes—infecting victim computers and creating botnets (armies of hijacked computers) that collected large amounts of financial and personal information and sent it back to servers under the control of the criminals. They were then able to hack into bank accounts, withdraw stolen funds, create bogus credit cards, etc.

In February 2011, a search warrant allowed the FBI to seize a key SpyEye server located in Georgia. Several months later, the FBI bought SpyEye online from Panin, a purchase that proved highly incriminating because that particular version contained the full suite of features designed to steal confidential financial information, make fraudulent online banking transactions, install keystroke loggers, and initiate distributed denial of service (DDoS) attacks from computers infected with the malware.

Panin was arrested in July 2013 while he was flying through Hartsfield-Jackson Atlanta International Airport.

