A 24-year old Russian national has been named as the creator and controller of the SpyEye Trojan.
Aleksander Panin, who was also known as “Gribodemon” and “Harderman,” pleaded guilty to conspiracy to commit wire and bank fraud for his role as the primary developer and distributor of SpyEye.
SpyEye has infected over 1.4 million computers in the United States and abroad, and collects personal and financial information such as online banking credentials, credit card information, usernames, passwords, PINs and other personally identifying information.
The US Department of Justice alleged that Panin was the primary developer and distributor of SpyEye. Operating from Russia from 2009 to 2011, Panin conspired with others, including co-defendant Hamza Bendelladj, an Algerian national also known as “Bx1,” to develop, market and sell various versions of the SpyEye virus and its component parts on the Internet. Panin allowed cybercriminals to customise their purchases to include tailor-made methods of obtaining victims’ personal and financial information, and is believed to have sold the SpyEye virus to at least 150 “clients” who, in turn, used it to set up their own command and control servers.
United States attorney Sally Quillian Yates said: “Today’s plea is a great leap forward in our campaign against those attacks. Panin was the architect of a pernicious malware known as ‘SpyEye’ that infected computers worldwide. He commercialised the wholesale theft of financial and personal information. And now he is being held to account for his actions. Cyber criminals be forewarned: you cannot hide in the shadows of the internet. We will find you and bring you to justice.”
The case is being investigated by special agents of the Federal Bureau of Investigation (FBI), who thanked the UK’s National Crime Agency and private sector partners including Trend Micro, Microsoft’s Digital Crimes Unit, Mandiant, Dell SecureWorks, Trusteer and the Norwegian Security Research Team “Underworld.no” for their assistance.
Rik Ferguson, vice president of security research at Trend Micro, said: “Almost four years ago, the Forward-looking Threat Research (FTR) team at Trend Micro began a particularly focused investigation into the person or people behind SpyEye.
“Over the intervening period, we mapped out the infrastructure used to support the malware, identified weak points in that infrastructure and pursued a number of important leads pointing to the identities of individuals behind this pernicious banking Trojan. Once we felt that we had sufficient information, we involved law enforcement who drove it to the successful conclusion you see today.
“The arrest last year, and yesterday’s guilty plea, are another illustration that Trend Micro’s strategy of going after the people behind online crime, instead of simply the infrastructure they exploit, is the right one. You may more often see stories that a botnet has been ‘taken down’, resulting perhaps in a massive drop in the number of infected computers, but these types of activity, while laudable, are only temporary.
“Criminals will very soon come back, and often come back stronger, having learned from their previous failures; the network of compromised computers will be rebuilt and the crime spree begins anew.”