Aleksandr Andreevich Panin, the Russian developer of the SpyEye botnet creation kit, and an associate were on Wednesday sentenced to prison terms by a court in Atlanta, Georgia, for their role in developing and distributing malware that is said to have caused millions of dollars in losses to the financial sector.
Panin, who set out to develop SpyEye as a successor to the Zeus malware that affected financial institutions since 2009, was sentenced by the court to nine and half years in prison, while his Algerian associate Hamza Bendelladj got a 15-year term, according to the Department of Justice.
After infecting victims' computers, cybercriminals were able to remotely control these compromised computers through command-and-control servers, and steal the victims’ personal and financial information using techniques such as Web injects that introduce malicious code into a victim’s browser, keystroke loggers that record keyboard activity and credit card grabbers. The information sent to the servers was then used to steal money from the financial accounts of the victims.
A Northern District of Georgia grand jury returned in December 2011 a 23-count indictment against Panin, who had yet to be fully identified, and Bendelladj. Panin pleaded guilty in 2014 to one count of conspiring to commit wire and bank fraud for his role as primary developer and distributor of the malware, while Bendelladj pleaded guilty in 2015 to a number of counts relating to conspiring to wire and computer fraud and abuse.
Operating from Russia from 2009 to 2011, Panin was charged with conspiring with others, including Bendelladj, also known as Bx1, to develop, market and sell various versions of SpyEye and component parts on the Internet, the DOJ had alleged.
In July 2011, Panin negotiated and agreed to sell SpyEye online to a federal undercover law enforcement officer, according to a filing by the DOJ in the U.S. District Court for the Northern District of Georgia, Atlanta division. He uploaded a version of the toolkit on file delivery service Sendspace.com after receiving the payment. Before that, Panin and Bendelladj had been found trying to promote the kit online on the Darkode.com criminal Web forum that was dismantled last year. Bendelladj even advertised his own version of SpyEye on YouTube, according to the government.
The DOJ has described SpyEye as a "preeminent malware banking Trojan" from 2010 to 2012, which was used by a global cybercrime syndicate to infect over 50 million computers and cause close to US$1 billion in financial harm.
Panin is said to have received in 2010 the source code and rights to sell Zeus from Evginy Bogachev, also known as Slavik, and included many components of it into SpyEye. Bogachev, who is the FBI’s most wanted cybercriminal, remains at large. Panin was planning to release a new version of SpyEye, called SpyEye 2.0, which would have been "one of the most prolific and undetectable botnets distributed to date" if it had been released, according to a statement by the DOJ.
Panin was arrested by U.S. authorities in 2013, when flying through Hartsfield-Jackson Atlanta International Airport, while Bendelladj was extradited from Thailand in the same year after he was apprehended while in transit at an airport in Bangkok.