The primary developer behind banking Trojan SpyEye pleaded guilty January 28 to committing wire and bank fraud, according to a statement from the commercialized the wholesale theft of financial and personal information. And now he is being held to account for his actions,” Sally Quillian Yates, the United States attorney for the Northern District of Georgia, said in a statement.
Panin started selling SpyEye in 2009 and quickly overtook the older Zeus Trojan because of its lower price tag and the ability to add custom plug-ins. While SpyEye’s popularity peaked in 2011, the malware was still used to successfully compromise more than 10,000 bank accounts in 2013. The Department of Justice said over 1.4 million computers in the United States have been infected with this malware.
Trend Micro researchers worked with the FBI on this case, according to a blog post by Loucif Kharouni, a senior threat researcher Trend Micro. The team correlated information found in the malware and C&C server’s configuration files, posts on underground forums, and domain name settings, Kharouni said.
“Cyber criminals be forewarned—you cannot hide in the shadows of the Internet. We will find you and bring you to justice,” Yates said.
Fahmida Y. Rashid is an accomplished security journalist and technologist. She is a regular contributor for several publications including iPCMag.com where she is a networking and security analyst. She also was a senior writer at eWeek where she covered security, core Internet infrastructure and open source. As well, she was a senior technical editor at CRN Test Center reviewing open source, storage, and networking products.