In any global outbreak, it’s important to identify Patient Zero. In the movies, you get a leggy Gwyneth Paltrow. In the nine-year online epidemic that helped create cybercrime as we know it, you get “fliime.”
That was the name used by somebody who went on the online forum Techsupportguy.com on October 11, 2006, at 2:24 a.m., saying he’d found some bad code on his sister’s computer. “Could someone please take a look at this,” he wrote.
Fliime probably didn’t realize this was history in the making. But the malicious program that had burrowed into the PC was a new breed, capable of vacuuming up more user logins and website passwords in one day than competing malware did in weeks. With repeated enhancements, the malware and its offspring became juggernauts of cyber bank robbery—turning millions of computers into global networks of zombie machines enslaved by criminals. Conservative estimates of their haul reach well into the hundreds of millions of dollars.
Investigators studying the code knew its creator only by aliases that changed almost as frequently as the malware itself: A-Z, Monstr, Slavik, Pollingsoon, Umbro, Lucky1235. But the mystery coder gave his product a name with staying power; he called it ZeuS. Like the procreation-minded god of Greek mythology, this ZeuS fathered powerful descendants—and became a case study of the modern cybercrime industry.
This is the story of a nasty piece of code, and the hunt for its creator.