USA charges 60 people as part of international ZBot investigation

Graham Cluley
Graham Cluley
@[email protected]

The US Department of Justice has charged more than 60 people in connection with a criminal scheme involving the ZBot Trojan horse.

ZBot, also known as Zeus, is a family of malware that can hijack your computer, making it part of a criminal botnet. Over the past few years cybercriminals have used different versions of ZBot to steal money from online bank accounts, login details for social networking sites and email/FTP information.

It’s not uncommon for “money mules” to be used to transfer money from accounts, once they have been compromised through use of malware.

Details of the precise charges are expected to be released by the US Attorney and Manhattan District attorney at 1 pm EST today.

Sign up to our free newsletter.
Security news, advice, and tips.

According to media reports, the action is related to the arrest of 19 people in London which occurred earlier this week.

New Scotland Yard has annnounced that 11 people have been charged in relation to the UK arrests. All eleven live in Essex, although they originally hail from the Ukraine, Belarus, Latvia, Estonia and Georgia.

They face charges of conspiracy to defraud, money laundering and passport offences, and were scheduled to appear in Westminster Magistrate’s court today.

Reading between the lines, it’s possible that the authorities believe that those arrested in the UK are ringleaders of the gang, and the US arrests are mostly the “money mules” who were used to actually convert stolen details into cash.

Using “money mules” who are in the same country as the victims of identity theft is a way to reduce the chances of the banks’ internal fraud detection mechanisms from firing. If a US citizen suddenly withdraws money from an ATM in Latvia the bank will get suspicious but if they withdraw from an ATM in New York it will raise fewer questions.

It’s good to see the US and UK authorities working closely to fight the growing problem of cybercrime. Those involved in the internet’s criminal underworld may be becoming more organised and international in nature, but they are in danger of learning the hard way that the good guys are also co-operating more closely than ever before.

But anyone who believes that this is the end of criminal gangs using ZBot to infect computers to steal money is sadly mistaken. The kit is still available for download from underground websites by anyone with an interest in cybercrime.

* Image source: Ocularinvasion’s Flickr photostream (Creative Commons)

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.