Alleged Zeus botnet master nabbed in Bangkok

News 14 Jan, 2013

Financial malware netted 'Happy Hacker' $100m over three years, authorities claim.

An Algerian hacker arrested in Thailand on 6 January is the master of a botnet that stole $100 million (£62 million) from banks worldwide, it is claimed.

Dubbed the ‘Happy Hacker’ because of his smiling appearance, 24-year-old computer sciences graduate Hamza Bendelladj was arrested in Suvarnabhumi Airport, Bangkok, following a tip-off from the FBI.

Bendelladj, who is said to have gone by the handle bx1, is alleged to have been in command of a significant Botnet using two of the most notorious financial malwares of the past five years, ZeuS and SpyEye.

Thai immigration bureau chief Pharnu Kerdlarpphon told a press conference Bendelladj had allegedly hacked private accounts held in 217 banks and financial institutions worldwide, amassing huge amounts of money, the Bangkok Post reports.

"With just one transaction he could earn 10 to 20 million dollars. He's been travelling the world, flying first class and living a life of luxury,” Kerdlarpphon said.

At the press conference, Bendelladj laughed off suggestions from the Thai authorities that he was on the FBI’s top-10 most wanted list, saying he was “maybe just 20th or 50th”, before denying he is a terrorist.

He is now awaiting extradition to the US state of Georgia.

Commenting on Bendelladj’s detention, Marcin Kleczynski, CEO of Malwarebytes, told IT Pro: “Arrests like this do not typically impact the volume of threats in the short term, because there are so many variants in the wild, but over time more virulent zero-day Trojans will take the mantle.

“The power in coordinated law-enforcement actions is more that they act as a deterrent for aspiring malware-writers, proving that it is not easy to remain electronically hidden from the police,” Kleczynski added.