Feeds

Feds indict nine for making millions from Zeus malware

But cops only have two of them in custody

Remote control for virtualized desktops

The FBI and the US Department of Justice have unsealed charges against nine people accused of racketeering, computer fraud, aggravated identity theft, and multiple counts of bank fraud related to their use of the Zeus malware against victims in the state of Nebraska.

"The 'Zeus' malware is one of the most damaging pieces of financial malware that has ever been used," said Acting Assistant Attorney General David O'Neil. "With the invaluable cooperation of our foreign law enforcement partners, we will continue to bring to justice cyber criminals who steal the money of US citizens."

That support is going to be very valuable, if the accused are going to have their day in court. While the US authorities have two suspects in detention, seven remain at large: three Ukrainians, a Russian national, and three others who have not been positively identified.

The two named ringleaders of the Zeus botnet, Ukrainians Yuriy Konovalenko and Yevhen Kulibaba, are already in custody, thanks to the efforts of British police. In 2011 they were jailed for four years and eight months apiece after getting nabbed by the UK's boys in blue, and have now been extradited to the US for additional charges.

According to the indictment, the two along with their seven accomplices used Zeus to infect targets in Nebraska and withdraw money from online bank accounts in the state. The government said it was asking for a forfeiture order of $70m against those indicted so that it can reclaim any money found.

The charges lean heavily on data collected by the British police, and say that funds purloined in the US were then sent to the UK and laundered through a variety of money mules. These are people who either knowingly or unknowingly agreed to transfer the funds through their own bank accounts and forward them on to the accused, while taking a small percentage as a commission.

"This case illustrates the vigorous cooperation between national and global law enforcement agencies and sends a strong message to cyber thieves," said FBI special agent in charge Thomas Metz. "The FBI and our international partners will continue to devote resources to finding better ways to safeguard our systems, fortify our cyber defenses, and stop those who do us harm."

While the police have named some of the suspects they are still searching for, it seems unlikely that they are going to be caught anytime soon. Many are known only by online handles, and unless they get as sloppy on security as their victims, they look likely to remain at large. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
BT said to have pulled patent-infringing boxes from DSL network
Take your license demand and stick it in your ASSIA
Right to be forgotten should apply to Google.com too: EU
And hey - no need to tell the website you've de-listed. That'll make it easier ...
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.