Cybercrooks net €300,000 in 22 days

[nsane.forums]

A recent phishing and malware scam netted a group of criminals some €300,000 in stolen funds, say experts.

Security vendor Finjan said that the criminals used a piece of financial malware to infect users and steal account details without being caught by bank security systems.

According to Finjan, the attackers used a combination of phishing sites and exploit attacks to dupe users into downloading a piece of malware known as the Zeus bank trojan.

Once installed, the trojan covertly dialled into a command server operated by the group. The server then directed the trojan to gather account details and transfer funds to a third-party account and create a forged bank statement.

As a result of the campaign, Finjan estimated that the cybercriminals were able to steal roughly €300,000 in a span of just 22 days.

"In this case, the specific criteria that the Trojan received from its Command & Control centre mark a whole new level of cybercrime sophistication in the techniques used by cybercriminals," said Finjan chief technology officer Yuval Ben-Itzhak.

"Using these methods they successfully evade anti-fraud systems that banks deploy, we dubbed it the Anti anti-fraud."

Further complicating matters was the use of third-party 'money mules' to launder the stolen money and make the criminals behind the operation harder to track down.

Often hired on the promise of a legitimate "work from home" job and unaware of the fraudulent activity, the mules accept transfers from the compromised accounts and then send the money back to the criminals as a wire transfer.

View: Original Article