US Charges Nine with Distributing Zeus Malware

Two defendants face arraignment in federal court Friday

The U.S. Department of Justice has brought charges against nine alleged members of a criminal organization that distributed the Zeus Trojan used to steal millions of dollars from bank accounts nationwide.

The DOJ's charges, unsealed Friday in U.S. District Court for the District of Nebraska, include conspiracy to participate in racketeering activity, conspiracy to commit computer fraud and identity theft, aggravated identity theft, and multiple counts of bank fraud.

Two defendants, Yuriy Konovalenko, 31, and Yevhen Kulibaba, 36, are scheduled to be arraigned Friday at the federal courthouse in Lincoln, Nebraska, the DOJ said in a press release. The two were recently extradited from the U.K. after a federal grand jury charged them in August 2012.

The Zeus Trojan infected thousands of business computers and captured passwords, account numbers and other information necessary to log into online banking accounts, the DOJ said.

"The Zeus malware is one of the most damaging pieces of financial malware that has ever been used," Acting Assistant Attorney General David O'Neil said in a statement. "As the charges unsealed today demonstrate, we are committed to making the Internet more secure and protecting the personal information and bank accounts of American consumers."

The defendants are charged with using Zues, or ZBot, to capture bank account numbers, passwords, personal identification numbers, RSA SecureID token codes and similar information necessary to log into online banking accounts. The defendants told banks that they were employees of the victims and authorized to make transfers of funds from the victims' bank accounts, according to the indictment.

Among the victims of the Zeus scheme were Bank of America, First National Bank of Omaha, Nebraska, the Franciscan Sisters of Chicago and Key Bank, according to the indictment.

The defendants allegedly used U.S. residents as money mules who received funds transferred from the victims' bank accounts into their own accounts, the DOJ said. The money mules then withdrew some of those funds and wired the money overseas to conspirator, the agency alleged.

Kulibaba allegedly operated the conspirators' money laundering network in the U.K. by helping money mules launder the money withdrawn from U.S. victim accounts, the DOJ said. Konovalenko allegedly provided money mules' and victims' banking credentials to Kulibaba and facilitated the collection of victims' data from other conspirators, the agency said.

Four identified defendants remain at large. They are:

-- Vyacheslav Igorevich Penchukov, 32, of Ukraine, who allegedly coordinated the exchange of stolen banking credentials and money mules;

-- Ivan Viktorvich Klepikov, 30, of Ukraine, the alleged systems administrator who handled the technical aspects of the criminal scheme;

-- Alexey Dmitrievich Bron, 26, of Ukraine, the alleged financial manager of the criminal operations who managed the transfer of money through an online money system known as Webmoney;

-- Alexey Tikonov, of Russia, an alleged coder or developer who assisted the criminal enterprise by developing new codes to compromise banking systems.

The indictment also charges three other unnamed people.

The Metropolitan Police Service in the U.K., the National Police of the Netherlands' National High Tech Crime Unit and the Security Service of Ukraine assisted with the DOJ's investigation.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Insider Resume Makeover: How (and When) to Break the Rules
Join the discussion
Be the first to comment on this article. Our Commenting Policies