Nine people connected to the "Zeus" malware have been indicted, federal officials announced Friday as they declared the code "one of the most damaging pieces of financial malware that has ever been used."
An indictment (PDF) unsealed Friday charges nine people, most of them from the Ukraine. Two defendants—Yuriy Konovalenko, 31, and Yevhen Kulibaba, 36—were extradited to the United States and hauled Friday into Nebraska federal court, where the charges were unsealed. Most of the others remain at large.
The authorities said the defendants used Zeus to hijack account numbers, passwords, personal identification numbers, RSA SecureID token codes, and other data needed to illegally log in to online banking accounts, netting the defendants "millions of dollars." Prosecutors said they were responsible for "infecting thousands of business computers with malicious software."