On Friday, the US Department of Justice announced the extradition from Thailand of Hazma Bendelladj, a 24-year old Algerian man accused of being "BX1," the author and marketer of the SpyEye botnet toolkit. SpyEye, a derivative of the Zeus botnet toolkit, is among the most widely-used financial fraud malware packages in the world. Bendelladj is being prosecuted by the US Attorney's Office for the Northern District of Georgia in Atlanta because one of the servers in the command and control (C&C) network was in an Atlanta data center.
The FBI and Department of Justice allege that Bendelladj acted as a full-service malware provider, marketing his tools in online underground marketplaces to would-be financial fraudsters. He is also alleged to have operated a C&C network for hire for SpyEye bots, allowing cyber-criminals to control the malware they had dropped onto victims' computers and deploy "injectors" for various financial institutions' websites. The injectors allowed the malware to add code to e-banking websites tailored to their designs and capture victims' credentials. A server in Georgia seized by law enforcement officials was found to have information on accounts for "approximately 253 unique financial institutions," according to a Department of Justice statement.
Bendelladj was arrested in Bangkok in January, as he was traveling from Malaysia to Egypt. The Department of Justice had a sealed indictment for Bendelladj since December of 2011, which included 23 charges (10 for wire fraud, 11 for computer fraud, and two conspiracy charges). If convicted on all counts, he could face a combination of sentences that could keep him in prison for the rest of his life, plus fines of up to $14 million.