SpyEye Botnet Nets Fraudster $3.2M In Six Months

wiredmikey writes "The SpyEye Trojan has a well-earned place of respect in the cyber-underground as an adaptable and effective piece of malware. Those same traits have also made it a bane for countless victims and the security community, and new research provides yet another reminder of why. According to security researchers, a hacker in his early 20s known by the alias 'Soldier' led a bank fraud operation that netted $3.2 million in six months. Powered by the SpyEye crimeware kit and aided by money mules and an accomplice believed to reside in Hollywood, Soldier commanded a botnet of more than 25,000 computers between April 19 and June 29 that compromised bank accounts and made off with the profits. Most of the victims were in the U.S., but there were a handful of victims in 90 other countries as well. Among the affected organizations were banks, educational facilities and government agencies."

Re:the biggest problem here, personal responsibili

[Beryllium+Sphere(tm)]

In a world where picture frames come preinstalled with malware, in a world where simply visiting the wrong website can infect you if Flash has an unpatched vulnerability, that's too simplistic.

I blame people for running Trojans, I blame people for not doing updates (but come on, what other industry would tolerate having a recall on the second Tuesday of every month), but this is still a world in which drive-by downloads are possible. I run Noscript, of course, but don't expect anyone else to live with the problems it causes.

Re:the biggest problem here, personal responsibili

[mpe]

A better analogy would be someone using their car in a reasonable manner but crashing into the crowd because someone cut their brake lines.

But the brakes in a car generally don't fail because someone put the wrong CD in or tuned to the wrong radio station.