AMERICA’S WAR WITH Russia’s greatest cybercriminal began in the spring of 2009, when special agent James Craig, a rookie in the FBI’s Omaha, Nebraska, field office, began looking into a strange pair of electronic thefts. A square-jawed former marine, Craig had been an agent for just six months, but his superiors tapped him for the case anyway, because of his background: For years, he’d been an IT guy for the FBI. One of his nicknames in college was “the silent geek.”
The leading victim in the case was a subsidiary of the payments-processing giant First Data, which lost $450,000 that May. That was quickly followed by a $100,000 theft from a client of the First National Bank of Omaha. What was odd, Craig noticed, was that the thefts seemed to have been executed from the victims’ own IP addresses, using their own logins and passwords. Examining their computers, he saw that they were infected with the same malware: something called the Zeus Trojan horse.
In online security circles, Craig discovered, Zeus was notorious. Having first appeared in 2006, the malware had a reputation among both criminals and security experts as a masterpiece—smooth, effective, versatile. Its author was a phantom. He was only known online, where he went by the handle Slavik, or lucky12345, or a half-dozen other names.
https://www.wired.com/2017/03/russian-hacker-spy-botnet/