Police Arrest Alleged ZeuS Botmaster “bx1″ (earning 10 to 20 million dollars ??)

[menotu]

Brian Krebs 10 January 2013 (krebsonsecurity)

A man arrested in Thailand this week on charges of stealing millions from online bank accounts fits the profile of a miscreant nicknamed “bx1,” a hacker fingered by Microsoft as a major operator of botnets powered by the ZeuS banking trojan.



As reported by The Bangkok Post, 24-year-old Hamza Bendelladj, an Algerian national, was detained this weekend at Bangkok’s Suvarnnabhumi airport, as he was in transit from Malaysia to Egypt. This young man captured news media attention when he was brought out in front of Thai television cameras handcuffed but smiling broadly, despite being blamed by the FBI for hacking into customer accounts at 217 financial institutions worldwide.

Thai investigators told reporters that Bendelladj had amassed “huge amounts” in illicit earnings, and that “with just one transaction he could earn 10 to 20 million dollars. He’s been travelling the world flying first class and living a life of luxury.”

I didn’t fully appreciate why I found this case so interesting until I started searching the Internet and my own servers for his email address. Turns out that in 2011, I was contacted via instant message by a hacker who said he was operating botnets using the Zeus and SpyEye Trojans. This individual reached out to me repeatedly over the next year, for no apparent reason except to brag about his exploits. He contacted me via Microsoft’s MSN instant message platform, using the email address daniel.h.b@universityofsutton.com. That account used the alias “Daniel.” I later found out that Daniel also used the nickname bx1.

https://krebsonsecurity.com/2013/01/police-arrest-alleged-zeus-botmaster-bx1/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29

[menotu]

Brian Krebs 3 May 2013 (krebsonsecurity)

Alleged SpyEye Seller ‘Bx1′ Extradited to U.S.

A 24-year-old Algerian man arrested in Thailand earlier this year on suspicion of co-developing and selling the infamous SpyEye banking trojan was extradited this week to the United States, where he faces criminal charges for allegedly hijacking bank accounts at more than 200 financial institutions.

Hamza Bendelladj, who authorities say used the nickname “Bx1″ online, is accused of operating a botnet powered by SpyEye, a complex banking trojan that he also allegedly sold and helped develop. Bendelladj was arraigned on May 2, 2013 in Atlanta, where he is accused of leasing a server from a local Internet company to help manage his SpyEye botnet.

A redacted copy of the indictment  PDF  (PDF) against Bendelladj was unsealed this week; the document says Bendelladj developed and customized components of SpyEye that helped customers steal online banking credentials and funds from specific banks.

The government alleges that as Bx1, Bendelladj was an active member of darkode.com, an underground fraud forum that I’ve covered in numerous posts on this blog. Bx1′s core focus in the community was selling “web injects” — custom add-ons for SpyEye that can change the appearance and function of banking Web sites as displayed in a victim’s Web browser. More specifically, Bx1 sold a type of web inject called an automated transfer system or ATS; this type of malware component was used extensively with SpyEye — and with its close cousin the ZeuS Trojan — to silently and invisibly automate the execution of bank transfers just seconds after the owners of infected PCs logged into their bank accounts.

    “Zeus/SpyEYE/Ice9 ATS for Sale,” Bx1 announced in a post on darkode.com thread dated Jan. 16, 2012:

    “Hey all. I’m selling private ATS’s. Working and Tested.

    We got  IT / DE / AT / UK / US / CO / NL / FR / AU

    Contact me for bank.

    can develop bank ATS from your choice.”

The government alleges that Bx1/Bendelladj made millions selling SpyEye, SpyEye components and harvesting financial data from victims in his own SpyEye botnet. But Bx1 customers and associates on darkode.com expressed strong doubts about this claim, noting that someone who was making that kind of money would not blab or be as open about his activities as Bx1 apparently was.

Full blog

[david1958]

Hmm, got me thinking. I had a guy from over there last week send me 3 email on cuckoo clock parts. Could have been him, well if he thinks hes going to get rich off of me thats a joke. You got to have it first!