nsane.forums Posted October 1, 2009 Share Posted October 1, 2009 A recent phishing and malware scam netted a group of criminals some €300,000 in stolen funds, say experts. Security vendor Finjan said that the criminals used a piece of financial malware to infect users and steal account details without being caught by bank security systems. According to Finjan, the attackers used a combination of phishing sites and exploit attacks to dupe users into downloading a piece of malware known as the Zeus bank trojan. Once installed, the trojan covertly dialled into a command server operated by the group. The server then directed the trojan to gather account details and transfer funds to a third-party account and create a forged bank statement. As a result of the campaign, Finjan estimated that the cybercriminals were able to steal roughly €300,000 in a span of just 22 days. "In this case, the specific criteria that the Trojan received from its Command & Control centre mark a whole new level of cybercrime sophistication in the techniques used by cybercriminals," said Finjan chief technology officer Yuval Ben-Itzhak. "Using these methods they successfully evade anti-fraud systems that banks deploy, we dubbed it the Anti anti-fraud." Further complicating matters was the use of third-party 'money mules' to launder the stolen money and make the criminals behind the operation harder to track down. Often hired on the promise of a legitimate "work from home" job and unaware of the fraudulent activity, the mules accept transfers from the compromised accounts and then send the money back to the criminals as a wire transfer. View: Original Article Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.