“Those computers were reporting back to him,” Yates said. She declined to name the Internet company that leased him the computer server.
The indictment noted Bendelladj developed components for the Trojan horse virus. The federal grand jury also indicted the principal designer, but the name was redacted because he has not yet been arrested.
Purchasers of SpyEye could have a version customized with “Web injects,” which infected a victim’s browser with a computer code that hijacked the victim’s Internet session and targeted specific financial data or institutions, according to the federal indictment.
At least 253 financial institutions were infected, Yates said.
Some Web injects would create a false online banking page to trick a victim into entering banking information, the indictment said. The virus also would create false bank account pages to hide the thefts from the victims.
Bendelladj, whom Yates said wasn’t associated with a major crime organization, advertised a version of SpyEye online and sold it to an undercover agent for $8,500, according to the indictment.
After Bendelladj’s arrest in Thailand in January, Brian Krebs reported on his website Krebsonsecurity.com that the 24-year-old hacker had contacted him as “Bx1” through Microsoft’s MSN Instant Messaging in 2011 to brag about his exploits.
Krebs was skeptical Friday that Bendelladj — who crisscrossed the world — made as much money as his customers, saying he was as much a prankster as a criminal.
“I would be surprised if he made a million dollars,” Krebs told AM 750 and 95.5FM News/Talk WSB. “Usually, that kind of income is made by more organized crime groups.
“This guy was more into it for the fun and games.”