Zeus and SpyEye crime syndicate taken down by Europol

A joint investigation team (JIT) coordinated by Europol and Eurojust has dismantled an online crime syndicate believed to have been behind the development and deployment of the Zeus and SpyEye banking trojans.

If you’re not familiar with Zeus (also called Zbot), it has been one of the most popular and successful cybercrime kits, and law enforcement agencies have been fighting it for several years.

Once the Zeus source code was leaked on the internet in 2011, cybercriminals began using the code to create other successful banking and information-stealing malware, including Citadel and Gameover.

Zeus was also the source of inspiration for SpyEye, which copied much of Zeus’s strategy.

Europol said its latest enforcement action targeted high-level cybercriminals believed to be responsible for directing a sophisticated criminal operation, including recruiting members to their organisation and cashing out proceeds of their crimes – as much as €2 million (approximately $2.24 million).

Investigators from Estonia, Latvia, Germany, Moldova, Poland and Ukraine, as well as the US, arrested five people following raids at eight addresses in four cities in Ukraine.

The latest action is the culmination of an investigation that began in 2013 and also involved fellow JIT members Austria, Belgium, Finland, the Netherlands, Norway and the United Kingdom.

The European Union’s law enforcement agency said the raids on 18-19 June led to the seizure of computer equipment and other devices which will now be forensically examined.

The alleged criminals and their accomplices are said to have used the notorious banking trojans to steal money from online bank accounts within the European Union as well as from other financial institutions elsewhere in the world, laundering the proceeds through money-mule networks along the way.

Last week’s operation brings the total number of arrests up to 60 since the investigation first began, with 34 of those being related to a money laundering operation that was recently busted by Dutch law enforcement authorities.

Rob Wainwright, Director of Europol, said the operation was significant:

In one of the most significant operations coordinated by the agency in recent years Europol worked with an international team of investigators to bring down a very destructive cybercriminal group. With our international partners, we are committed to fighting the threats brought about by malware and other forms of cybercrime, to realise safer technology infrastructures and online financial transactions for businesses and people the world over.

Europol’s latest success is just one of many in recent months:

In May 2014 an operation led to the arrests of 80 people linked to the use and distribution of the Blackshades remote access Trojan (RAT) – the co-author of which has just been jailed for 57 months.

That was followed up with 118 arrests across 80 airports in November 2014 as the agency tackled plane ticket fraud.

Then, in February this year, the agency was instrumental in the demolition of the Ramnit botnet that had infected 3.2 million Windows PCs, and in April, Europol led a takedown of the Beebone botnet.

This month, besides the latest arrests, Europol has also snaffled up 49 people suspected of using Man-in-the-Middle (MiTM) attacks to intercept emailed payment requests.
