Malware gang steal over £700K from one British bank A banking Trojan attack has led to the fraudulent withdrawal of more than $1m from online banking accounts maintained with a UK bank since the start of July, according to security researchers. Web-based malware based on the infamous Zeus cybercrime toolkit is being used to steal money via the unnamed bank's online banking …
Since most banks adopt a daily limit on the amount of cash that can be withdrawn from an ATM in one day, usually 700, they want accounts where they can withdraw the maximum amount. No point in letting somebody know their account details have been compromised for just 20 quid, is there?
Most people working will have £800 in their account at least one day in a month.
Then that presents a far greater target to hit. If you increase the amount to something actually representing "substantial", say £20k+ then you limit your attack base.
simple (if immoral) economics.
I saw this in the wild last month. The AV and anti-spyware on my client's PC failed to spot the Trojan. (I had to delete by hand using an Unbuntu boot disk)
On my client's PC, when they accessed their bank account, the virus was sitting as a proxy on the PC swapping the pages that would appear on the screen. The initial bank "front page" looked normal, and asked for the account number.
Then the second page which normally asks for "second, fourth and eighth" characters of the password was swapped for a VERY convincing looking fake page which asked for ALL of the password to be entered.
I am glad I scare by clients into paranoia as this client spotted the change of procedure at that stage. Even though the quality branded AV and anti-spyware programs could not spot it.
Most people will just assume that the Bank has changed its login system and carry on regardless. So this does not surprise me that it has landed so much cash for the scammers.
(Though I do wonder why the bank did not spot the patterns of cash transfers earlier?)
I am not naming the bank as there is no point. This is a scam that is probably running on many banks at the same time as it is such a clean looking con.
"the cyber criminals have successfully stolen £675,000 ($1,077,000)" and how exactly would the amount be known by anyone other then the criminals?
Does the bank is question know it is being scammed and not care? Perhaps it thinks it is cheaper to ignore then acknowledge? Either way, I am sure they wouldn't publish the figure.
Or does this 'security consultancy' have the means to monitor the exact amounts being transfered? So why didn't they stop them? Perhaps they were waiting for it to pass the Million Dollar mark to make it interesting 'news', or perhaps they are touting this around to sell their services. "Pay us X amount and we will tell you if you are the victim of this scam." Now there is an idea I could sell on Dragon's Den.
I've seen this several times over the past week - the major AV suites all seem to miss the infection (although the Microsoft MSRT catches it). The giveaway symptom is that you cannot get to Windows Updates. Running Wireshark on the cable shows that neither IE nor Firefox even do a DNS lookup. I haven't tried other browsers, but I expect them to be the same.
The other thing that Wireshark shows is the retrieval of target URLs from a machine in Eastern Europe. The PC then goes on to do the biggind of its bot master. Mostly click fraud, but passwords are also being stolen, and all search traffic seems to be echoed to a snooping server.
One of my customers uses online banking. I told him he had this infection, and that he should change all his passwords as a matter of urgency. He phoned the bank, just as I said he should. They replied that he could change his credentials himself on another computer. Nice to see the banks taking security so seriously - I mean, what harm can compromised credentials do?
Vic.
Apart from the obvious - long & complex passwords e.g zagy166Fts544ftbO4AQ31 ( Yes I don't write them down and yes I have a way to generate them on the fly from easy-to-remember passphrases)
Anyone care to guess the passphrase ( hint : it's easier that way round)
But esp. change to another non-admin account that's used just for banking ( hell have as many accounts as accounts)
Oh !, don't use Windows
I have no love for windows but seriously man, shut up! I have used windows to do my internet banking since my bank set the service up way back when, I have been through dodgy browsers and running with no AV or firewall and guess what, I have never lost a penny or control of my machine.
There are some incredibly basic steps that can be taken to provide yourself with total security - don't store passwords in a document on the machine, don't be donkey and click on links in e-mails from your "bank" and most importantly, as every online bank will tell you, "WE DON'T EVER ASK FOR YOUR WHOLE PASSWORD AND WHOLE PIN, NEVER GIVE IT OUT." ... whether you are running windows or linux, if you are retarded enough to blindly fill out a form then more fool you, you get no sympathy from me for your loss if you cannot follow basic instructions.
Untraceable wire transfers.... Wouldn't that be the first thing to fix? For being an industry with 7 digit bonuses it seems a poor show that money can disappear through untraceable transactions.
Aren't we sending all our SWIFT international transactions to the US so that they can fight terrorists? How is that supposed to work exactly if the transactions of a botnet are untraceable????
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
