Feeds

Feds indict nine for making millions from Zeus malware

But cops only have two of them in custody

The essential guide to IT transformation

The FBI and the US Department of Justice have unsealed charges against nine people accused of racketeering, computer fraud, aggravated identity theft, and multiple counts of bank fraud related to their use of the Zeus malware against victims in the state of Nebraska.

"The 'Zeus' malware is one of the most damaging pieces of financial malware that has ever been used," said Acting Assistant Attorney General David O'Neil. "With the invaluable cooperation of our foreign law enforcement partners, we will continue to bring to justice cyber criminals who steal the money of US citizens."

That support is going to be very valuable, if the accused are going to have their day in court. While the US authorities have two suspects in detention, seven remain at large: three Ukrainians, a Russian national, and three others who have not been positively identified.

The two named ringleaders of the Zeus botnet, Ukrainians Yuriy Konovalenko and Yevhen Kulibaba, are already in custody, thanks to the efforts of British police. In 2011 they were jailed for four years and eight months apiece after getting nabbed by the UK's boys in blue, and have now been extradited to the US for additional charges.

According to the indictment, the two along with their seven accomplices used Zeus to infect targets in Nebraska and withdraw money from online bank accounts in the state. The government said it was asking for a forfeiture order of $70m against those indicted so that it can reclaim any money found.

The charges lean heavily on data collected by the British police, and say that funds purloined in the US were then sent to the UK and laundered through a variety of money mules. These are people who either knowingly or unknowingly agreed to transfer the funds through their own bank accounts and forward them on to the accused, while taking a small percentage as a commission.

"This case illustrates the vigorous cooperation between national and global law enforcement agencies and sends a strong message to cyber thieves," said FBI special agent in charge Thomas Metz. "The FBI and our international partners will continue to devote resources to finding better ways to safeguard our systems, fortify our cyber defenses, and stop those who do us harm."

While the police have named some of the suspects they are still searching for, it seems unlikely that they are going to be caught anytime soon. Many are known only by online handles, and unless they get as sloppy on security as their victims, they look likely to remain at large. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
Oz biz regulator discovers shared servers in EPIC FACEPALM
'Not aware' that one IP can hold more than one Website
Apple tried to get a ban on Galaxy, judge said: NO, NO, NO
Judge Koh refuses Samsung ban for the third time
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.