Alleged SpyEye Botmaster Extradited To US

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Man sent to US from Bangkok where he was arrested in January

A man accused of helping develop and spread the virulent SpyEye banking malware has been extradited from Thailand to the US.

Algerian national Hamza Bendelladj, who went by the pseudonym Bx1 online, was arrested in Bangkok in January, as he was changing flights on a journey from Malaysia to Egypt. He was finally extradited on 2 May.

SpyEye arrest

Malware - Fotolia: skull button © alekup #34457353“The indictment charges Bendelladj and his co-conspirators with operating servers designed to control the personal computers of unsuspecting individuals and aggressively marketing their virus to other international cybercriminals intent on stealing sensitive information,” said  Acting Assistant Attorney  General Mythili Raman, of  the Justice Department’s Criminal Division.

It is alleged Bendelladj and his associates developed, marketed and sold various versions of SpyEye. Court documents claimed he offered customised services, allowing crooks to use tailor-made methods of obtaining victims’ personal and financial data.

All the while he was allegedly running SpyEye command and control servers, one of which was based in Georgia, where the charges were filed. That Georgia-based server was believed to have contained data of around 253 different financial bodies.

Overall, Bendelladji facest 23 charges, with a maximum charge of 30 years in prison for conspiracy to commit wire and bank fraud charge, and between five and 20 years for the other charges. He also faces fines of up to $14 million dollars.

Although the Georgia charges do not mention Zeus, it is believed Bx1 was involved in running botnets of systems infected with that strain of banking malware too.

Zeus and SpyEye do similar things, pilfering banking login information in various ways. Both have the ability to do webinjects, which trick users into handing over data, such as credentials, by looking like legitimate sections of a website.

An unnamed co-defendant was believed to have sold the malware on underground forums, such as Darkode.com.

Three men from separate Baltic regions were jailed in the UK for their own SpyEye use.

What do you know about Internet security? Find out with our quiz!