Creators of prolific global banking Trojan SpyEye get 24 years behind bars

Yesterday, two hackers responsible for the creation of the SpyEye banking Trojan were sentenced to a combined total of 24 years and six months imprisonment, in an unprecedented case against large-scale organised cyber crime.

27 year old Russian programmer Aleksandr Andreevich Panin and his 27 year old Algerian cohort Hamza Bendelladj were handed down stiff sentences by US federal court for their role in developing and distributing SpyEye on underground cybercrime forums from 2009.

The Trojan, which Panin referred to as the successor to infamous Zeus malware, went on to cause close a billion dollars in losses to the global financial industry, infecting more than 50 million computers, mainly through malicious downloads or web injections.

> See also: Businesses warned about massive surge in Locky ransomware

Once infected, the malware connected to command-and-control servers controlled by attackers to steal the victim's financial information such as PIN codes, credit card data and online banking credentials using keyloggers and Web injection.

The brains behind the outfit, Panin was the primary developer and distributor of SpyEye, and was sentenced to nine years, six months in prison. His co-conspirator Bendelladj will be behind bars for fifteen years.

With the assistance of Bendelladj (going by the screen name 'Bx1'), Panin (AKA 'Gribodemon') advertised and promoted the SpyEye malware on online, invite-only criminal forums, such as and other exclusive Russian-based criminal forums.

Bendelladj sold versions of SpyEye to almost 150 clients for prices ranging from $1,000 to $8,500. Using the virus, one of his customers reportedly made over $3.2 Million in just six months using the virus.

A third suspect, British citizen James Bayliss ('Jam3s' or 'Jam3s2k'), a British citizen, was arrested in May 2014 is being prosecuted by UK authorities.

'It is difficult to over state the significance of this case, not only in terms of bringing two prolific computer hackers to justice, but also in disrupting and preventing immeasurable financial losses to individuals and the financial industry around the world,' said U.S. Attorney John Horn.

'The outstanding work by our law enforcement partners, both domestically and internationally, as well as terrific cooperation from the private sector, serves as a blueprint on how to combat complex cyber-crime syndicates around the world.'

The SpyEye trojan and toolkit is very similar to Zeus and its variants, including Citadel. Although the developers were originally rivals, at one point the development of both SpyEye and Zeus merged into a single project due to the broad overlap of capabilities found in both.

In November 2010, Panin allegedly received the source code and rights to incorporated many components of Zeus into SpyEye. But through the arrests and sentencing, the risk the public unknowingly faced from the threat posed by the imminent release of a new highly sophisticated version of SpyEye was effectively reduced to zero.

'The FBI led investigation that brought one of the world’s most nefarious malware developers to justice and significantly disrupted the prolific SpyEye botnet demonstrates the power of focused investigations that combine the skills and talents of global law enforcement and private industry partners.' said J. Britt Johnson, Special Agent in Charge, FBI Atlanta Field Office.

> See also: Banking Trojans merge to steal over $4m in just a few days

Furthermore, the arrests and sentences serve as 'a strong deterrent to future malware developers and their customers, regardless of where they are located,' said Johnson.

But while the case is a huge blow to the future of the malware distribution model, there are still cyber crime rings at large. Just last week Forbes broke the news that researchers at IBM discovered a new piece of malware that has stolen $4 million from more than 24 American and Canadian banks in just a few days.

The hackers combined code from two malware types, known as Nymaim and Gozi, to create GozNym – a powerful and persistent Trojan. Numerous credit unions and popular e-commerce platforms were also said to have been targeted.

'These days malware is getting so much more complicated and intelligent, and it is a continued race between writers and detectors to do their respective tasks,' said Mark James, security specialist at ESET.

'There are so many different forms of malware around today and combining different versions to create hybrid pieces is an effective way of developing malware that is stealthy and successful.'

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics