This week's Sunday Long Read is the story of ZeuS, the most infamous bank-robbing malware suite in the industry, which has run a nine-year campaign to plunder millions of accounts across the world.
In any global outbreak, it’s important to identify Patient Zero. In the movies, you get a leggy Gwyneth Paltrow. In the nine-year online epidemic that helped create cybercrime as we know it, you get “fliime.”
That was the name used by somebody who went on the online forum Techsupportguy.com on October 11, 2006, at 2:24 a.m., saying he’d found some bad code on his sister’s computer. “Could someone please take a look at this,” he wrote.
Fliime probably didn’t realize this was history in the making. But the malicious program that had burrowed into the PC was a new breed, capable of vacuuming up more user logins and website passwords in one day than competing malware did in weeks. With repeated enhancements, the malware and its offspring became juggernauts of cyber bank robbery—turning millions of computers into global networks of zombie machines enslaved by criminals. Conservative estimates of their haul reach well into hundreds of millions of dollars.
Investigators studying the code knew its creator only by aliases that changed almost as frequently as the malware itself: A-Z, Monstr, Slavik, Pollingsoon, Umbro, Lucky1235. But the mystery coder gave his product a name with staying power; he called it ZeuS. Like the procreation-minded god of Greek mythology, this ZeuS fathered powerful descendants—and became a case study of the modern cybercrime industry.
This is the story of a nasty piece of code, and the hunt for its creator.
Who is behind ZeuS and why? The FBI believes it's a Russian hacker who has been on the run for years, and they are no closer to catching him now than they were in 2006. And ZeuS's source code is now all over the internet and in the hands of crooks and thieves across the globe. The big banks are scared and the small banks are terrified.
And they should be.