A recent phishing and malware scam netted a group of criminals some €300,000 in stolen funds, according to experts.
Security vendor Finjan said that the criminals used a piece of financial malware to infect users and steal account details without being caught by bank security systems.
The attackers used a combination of phishing sites and exploit attacks to dupe users into downloading a piece of malware known as Zeus.
Once installed, the Trojan covertly dialled into a command server operated by the group. The server then directed the Trojan to gather account details and transfer funds to a third-party account and create a forged bank statement.
As a result of the campaign, Finjan estimated that the cyber criminals were able to steal roughly €300,000 in just 22 days.
"In this case, the specific criteria that the Trojan received from its command and control centre mark a whole new level of sophistication in the techniques used by cyber criminals," said Finjan chief technology officer Yuval Ben-Itzhak.
"Using these methods they successfully evaded anti-fraud systems that banks deploy. We dubbed it the Anti anti-fraud."
Further complicating matters was the use of third-party 'money mules' to launder the stolen funds and make the criminals behind the operation harder to track down.
The mules are often hired on the promise of a legitimate 'work from home' job and are unaware of the fraudulent activity. They accept transfers from the compromised accounts and then send the money back to the criminals as a wire transfer.
See also:
New technology could help firms redirect their customers from fake to authentic sites 21 Sep 2009
Company files suit against purveyors of 'malvertising' 19 Sep 2009
Site charges $100 per hacked account - or is it a scam? 18 Sep 2009
Sophisticated network of PCs bypasses conventional filters 18 Sep 2009All Hacking Tags: Finjan, Fraud, Malware, Zeus, Threats, Financial-services, Crime, Web, Ecommerce, Security
del.icio.us
Digg this
reddit!
