Two hackers have been sentenced by a US court to a combined 24 years and six months in prison for developing and distributing the notorious SpyEye malware, which has infected more than 50 million computers and caused nearly a billion dollars in harm to people and financial institutions around the world.
Russian national Aleksandr Andreevich Panin was sentenced to nine years and six months in federal prison, while Algerian Hamza Bendelladj faces a 15 year sentence.
Panin, known online as 'Gribodemon' and 'Harderman', was arrested in 2013 and pleaded guilty in 2014 to conspiracy to commit wire and bank fraud. Authorities say that he was the "primary developer and distributor" of the SpyEye virus, which he developed after receiving the source code and rights to sell Zeus from Evginy Bogachev.
The virus could be used to infect computers and remotely control them through command and control servers before stealing personal and financial information through Web injects, keystroke logging and credit card grabbers.
Panin is accused of selling different, tailored versions to at least 150 clients for prices ranging from $1000 to $8500. Crooks were able to customise their purchases to include tailor-made methods of obtaining victims’ personal and financial information, as well as marketed versions that targeted information about specific banks and credit card companies.
Bendelladj helped to advertise and promote SpyEye on online, invite-only criminal forums such as Darkode.com, say authorities. He also sent over one million spam emails containing strains of the virus and related malware to computers in the US, yielding hundreds of thousands of infected computers.
He is then accused of stealing personal identifying information from close to half a million people, hundreds of thousands of credit card and bank account numbers, causing millions of dollars in losses to individuals and financial institutions around the world.
In addition, he ran a website called VCC.sc where he automated the sale of stolen credit card information to cybercriminals around the world.
US Attorney John Horn says: "It is difficult to overstate the significance of this case, not only in terms of bringing two prolific computer hackers to justice, but also in disrupting and preventing immeasurable financial losses to individuals and the financial industry around the world."