Aleksandr Andreevich Panin, a Russian national, pleaded guilty yesterday in an Atlanta federal courtroom to a conspiracy charge associated with his role as the primary developer and distributor of SpyEye, bank fraud malware created specifically to facilitate online theft from financial institutions. SpyEye infected more than 1.4 million computers, obtaining victims’ financial and personally identifiable information stored on those computers and using it to transfer money out of victims’ bank accounts and into accounts controlled by criminals. He sold his malware to more than 150 ‘clients’, charging anywhere from $1,000 to $8,500 for various versions. CyberThreat reports.
In February 2011 the FBI seized a key SpyEye server located in Georgia, which led the agents to buy a copy of the malware online, from Panin himself, a few months later. This copy turned out to be very incriminating because that particular version contained the full suite of features designed to steal confidential financial information, make fraudulent online banking transactions, install keystroke loggers, and, in addition, initiate distributed denial of service (DDoS) attacks from computers infected with the malware. Panin was arrested in July 2013 while he was flying through Hartsfield-Jackson Atlanta International Airport.