Two men who built and sold a banking trojan that infected more than 50 million computers around the world and caused almost $1 billion in losses have been sentenced to a combined 24 years in prison.
Aleksandr Andreevich Panin, the chief developer and distributor of SpyEye, received a sentence of nine years and six months in federal prison, according to a statement issued by the US Department of Justice. In underground forums where the trojan was sold, the 27-year-old Russian national went by the hacker aliases “Gribodemon” and “Harderman.” In 2010, prosecutors said, he received the source code to a crimeware platform dubbed ZeuS. From 2009 to 2011, he conspired with others to develop SpyEye, which is believed to have borrowed liberally from ZeuS.
Prosecutors said Panin conspired with Hamza Bendelladj, aka Bx1, an Algerian man who received a 15-year prison term during the same Wednesday sentencing in federal court in Atlanta. Prosecutors said Bendelladj transmitted more than one million spam e-mails containing SpyEye and related malware to computers in the United States. The feat infected hundreds of thousands of computers. Bendelladj also developed SpyEye add ons that automated the theft of funds from victim bank accounts and further spread malware, including SpyEye and Zeus. Authorities said he stole personal information from almost 500,000 people and caused millions of dollars in losses to individuals and financial institutions around the world.