"The cyber thieves targeted small- to medium-sized companies, municipalities, churches, and individuals, infecting their computers using a version of the Zeus Botnet," the FBI said Friday in a press release. "The malware captured passwords, account numbers, and other data used to log into online banking accounts."
According to the FBI, the scammers tried to steal $220 million in total, and actually managed to move $70 million offshore from the U.S. There were about 390 victims in the U.S., the FBI said.
Zeus' main software developer, who once went by the name A-Z, is thought to live in St Petersburg, according to Don Jackson, a researcher with SecureWorks, one of the companies that has been tracking Zeus for years.
To complicate matters, Zeus is not run by a single gang. There are perhaps five to 10 Zeus gangs that operate at the highest level, Jackson said. These are the crooks who get access to the best code, who have the most up-to-date attacks, and who make the most money.
However the Zeus code is also freely sold on the black market, and there are many others who also make their own use of the malware.
Zeus is continually updated, with developers often adding features at the request of users of the malware, FBI officials said.
Sign up for Computerworld eNewsletters.