For years, the SpyEye malware kit was one of the biggest threats in the malware world, a botnet creation kit that was responsible for some of the web's most expensive banking hacks. Today, federal agents finally charged the man behind it, 24-year-old Aleksander Panin, who pled guilty to conspiracy charges in an Atlanta courthouse earlier today.
Panin made his money by selling the exploit kit to more daring criminals, more than 150 different clients who used the readymade software to take on banking sites. At its height, the malware infected as many as 1.4 million computers, enabling one client to walk away from a banking attack with over $3 million. The botnet lost much of its power after successful anti-malware operations by Microsoft in March of last year, but Panin remained high on Interpol's "red list" thanks to a separate embezzlement scam.
Panin's downfall came when he sold a copy of the malware kit to a federal agent in mid-2011. His arrest came more than two years later, as he was passing through an Atlanta airport, which led to the current charges. He faces up to 30 years in prison, pending sentencing.