Two men found using the SpyEye Trojan to swindle users out of their banking information were jailed last week after violating the United Kingdom’s Computer Misuse Act.
Pavel Cyganok, 28, a Lithuanian, along with Ilja Zakrevski, 26, an Estonian, were jailed for four years while a third man, Latvia resident Aldis Krummins, 45, was found guilty of laundering money in conjunction with the investigation and sentenced to two years in jail, according to a BBC report.
The criminals “developed a highly-organized IT infrastructure to enable their criminality, including in some cases, the automatic infection of innocent computer users with their malicious code,” according to Detective Constable Bob Burls of the Metropolitan Police Central e-crime unit (PCeU).
The PCeU’s investigation determined approximately 1,000 computers were infected and that citizens from the UK, Denmark, the Netherlands and New Zealand had been tricked into surrendering banking information that was in turn uploaded to servers Cyganok and Zakrevski owned.
According to a Computerworld report, Cyganok was logged onto a command-and-control (C&C) server when his home was raided this past April while Zakrevski was arrested in Denmark for a different crime and extradited to the UK on a European Arrest Warrant in July, 2011.
The criminals amassed at least £100,000 ($150,000) in luxury goods that were bought online and resold, according to reports. That money was then laundered using online accounts.
A relative of Zeus, SpyEye remains a favorite of hackers aiming to pry banking information away from unsuspecting targets. The two were employed recently in Operation High Roller, a fraud ring uncovered last week that targeted the bank accounts of the wealthy.
Microsoft went after Zeus and some of its SpyEye variants in March, yet hackers continue to tweak the toolkit to evolve with the changing times.