SpyEye botnet kit developer sentenced to long jail term

Aleksandr Panin and associate Hamza Bendelladj were sentenced to a combined 24 years and six months in prison

Aleksandr Andreevich Panin, the Russian developer of the SpyEye botnet creation kit, and an associate were on Wednesday sentenced to prison terms by a court in Atlanta, Georgia, for their role in developing and distributing malware that is said to have caused millions of dollars in losses to the financial sector.

Panin, who set out to develop SpyEye as a successor to the Zeus malware that affected financial institutions since 2009, was sentenced by the court to nine and half years in prison, while his Algerian associate Hamza Bendelladj got a 15-year term, according to the Department of Justice.

After infecting victims' computers, cybercriminals were able to remotely control these compromised computers through command-and-control servers, and steal the victims’ personal and financial information using techniques such as Web injects that introduce malicious code into a victim’s browser, keystroke loggers that record keyboard activity and credit card grabbers. The information sent to the servers was then used to steal money from the financial accounts of the victims.

A Northern District of Georgia grand jury returned in December 2011 a 23-count indictment against Panin, who had yet to be fully identified, and Bendelladj. Panin pleaded guilty in 2014 to one count of conspiring to commit wire and bank fraud for his role as primary developer and distributor of the malware, while Bendelladj pleaded guilty in 2015 to a number of counts relating to conspiring to wire and computer fraud and abuse.

Operating from Russia from 2009 to 2011, Panin was charged with conspiring with others, including Bendelladj, also known as Bx1, to develop, market and sell various versions of SpyEye and component parts on the Internet, the DOJ had alleged. 

In July 2011, Panin negotiated and agreed to sell SpyEye online to a federal undercover law enforcement officer, according to a filing by the DOJ in the U.S. District Court for the Northern District of Georgia, Atlanta division. He uploaded a version of the toolkit on file delivery service Sendspace.com after receiving the payment. Before that, Panin and Bendelladj had been found trying to promote the kit online on the Darkode.com criminal Web forum that was dismantled last year.  Bendelladj even advertised his own version of SpyEye on YouTube, according to the government.

The DOJ has described SpyEye as a "preeminent malware banking Trojan" from 2010 to 2012, which was used by a global cybercrime syndicate to infect over 50 million computers and cause close to US$1 billion in financial harm.

Panin is said to have received in 2010 the source code and rights to sell Zeus from Evginy Bogachev, also known as Slavik, and included many components of it into SpyEye.  Bogachev, who is the FBI’s most wanted cybercriminal, remains at large. Panin was planning to release a new version of SpyEye, called SpyEye 2.0, which would have been "one of the most prolific and undetectable botnets distributed to date" if it had been released, according to a statement by the DOJ.

Panin was arrested by U.S. authorities in 2013, when flying through Hartsfield-Jackson Atlanta International Airport, while Bendelladj was extradited from Thailand in the same year after he was apprehended while in transit at an airport in Bangkok.

Join the CSO newsletter!

Error: Please check your email address.

More about Department of JusticeDOJFBI

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Ribeiro

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts