Alleged Zeus botnet master nabbed in Bangkok
Financial malware netted 'Happy Hacker' $100m over three years, authorities claim.


An Algerian hacker arrested in Thailand on 6 January is the master of a botnet that stole $100 million (62 million) from banks worldwide, it is claimed.
Dubbed the Happy Hacker' because of his smiling appearance, 24-year-old computer sciences graduate Hamza Bendelladj was arrested in Suvarnabhumi Airport, Bangkok, following a tip-off from the FBI.
Bendelladj, who is said to have gone by the handle bx1, is alleged to have been in command of a significant Botnet using two of the most notorious financial malwares of the past five years, ZeuS and SpyEye.
Thai immigration bureau chief Pharnu Kerdlarpphon told a press conference Bendelladj had allegedly hacked private accounts held in 217 banks and financial institutions worldwide, amassing huge amounts of money, the Bangkok Post reports.
"With just one transaction he could earn 10 to 20 million dollars. He's been travelling the world, flying first class and living a life of luxury," Kerdlarpphon said.
At the press conference, Bendelladj laughed off suggestions from the Thai authorities that he was on the FBI's top-10 most wanted list, saying he was "maybe just 20th or 50th", before denying he is a terrorist.
He is now awaiting extradition to the US state of Georgia.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Commenting on Bendelladj's detention, Marcin Kleczynski, CEO of Malwarebytes, told IT Pro: "Arrests like this do not typically impact the volume of threats in the short term, because there are so many variants in the wild, but over time more virulent zero-day Trojans will take the mantle.
"The power in coordinated law-enforcement actions is more that they act as a deterrent for aspiring malware-writers, proving that it is not easy to remain electronically hidden from the police," Kleczynski added.
Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapers
News While not malicious, the bots can overwhelm web applications in a way similar to bad actors
By Jane McCallion Published
-
Does speech recognition have a future in business tech?
Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
By Jonathan Weinberg Published
-
Horabot campaign targeted businesses for more than two years before finally being discovered
News The newly-discovered Horabot botnet has attacked companies in the accounting, investment, and construction sectors in particular
By Ross Kelly Published
-
Brand-new Emotet campaign socially engineers its way from detection
News This latest resurgence follows a three-month hiatus and tricks users into re-enabling dangerous VBA macros
By Ross Kelly Published
-
Microsoft says “it’s just too difficult” to effectively disrupt ransomware
News The company details its new approach to combatting cyber crime as the underground industry drains $6 trillion from the global economy
By Connor Jones Published
-
Beating the bad bots: Six ways to identify and block spam traffic
In-depth Not all traffic is good. Learn how to prevent bad bots from overrunning your website
By Sead Fadilpašić Published
-
Ukraine's vigilante IT army now has a DDoS bot to automate attacks against Russia
News The 270,000-strong IT Army of Ukraine will now combine supporters' cloud infrastructure to strengthen the daily attacks against their invaders
By Connor Jones Published
-
Microsoft's secure VBA macro rules already being bypassed by hackers
News Recent analysis of Emotet activity has revealed a shift away from malicious Office documents to drop malware
By Connor Jones Published
-
Emotet infrastructure has almost doubled since resurgence was confirmed
News Researchers confirm the infrastructure has also been upgraded for a "better secured", more resilient operation
By Connor Jones Published
-
DOJ extradites Ukrainian man who used a botnet to decrypt login credentials
News The 28-year-old allegedly sold passwords to other criminals on the dark web
By Rene Millman Published