Banking Fraud Campaign Steals 500k Euros In a Week

An anonymous reader writes The experts at Kaspersky Lab have discovered evidence of a targeted attack against the clients of a large European bank. According to the logs found in the server used by the attackers, apparently in the space of just one week cybercriminals stole more than half a million euros from accounts in the bank. The experts also detected transaction logs on the server, containing information about which sums of money were taken from which accounts. All in all, more than 190 victims could be identified, most of them located in Italy and Turkey. The sums stolen from each bank account, according to the logs, ranged between 1,700 to 39,000 euros.

Really?

[Anonymous Coward]

Banking fraud here in America steals entire QE packages.

http://inthesetimes.com/news/entry/14886/the_excel_spreadsheet_error_that_justified_global_austerity

Targeted Attack?

[Joe Gillian]

One thing I don't really understand, and the article doesn't mention, is how exactly they know this was a targeted attack. The way the article reads, it sounds like a bunch of people got infected with a Zeus variant and had their banking details stolen off their computers, and coincidentally, a bunch of them happened to use the same large European bank. I'm willing to bet that some of those victims probably didn't use the bank in question, and that there are financial losses ranging outside of that one bank.

That said, this isn't a very good article, because it doesn't mention how they think the malware got onto these people's computers or even which bank was supposedly "targeted".

Re:

[plover]

Regarding your iOS v. Android observation, that's possibly related to demographics. On average, university students tend to come from families with better educated parents, and better education correlates with a higher average income. I'm not saying every student on your campus was given an iPhone by a rich mommy and daddy, but I bet the average is higher than in the general population.

Re:

[Mr D from 63]

Its also not clear how the attackers set up these target accounts without being flagged somehow. The use of those accounts might be the reason it was confined to one institution, and it seems that would be the most embarrassing element to the bank.

Re:

[pantaril]

OMG lets make banks illegal, it is the next bitcoin.

This story nicely ilustrates that even the old financial system with it's chargebacks and deposit insurances is not imune to scam and theft.

What OS does this targeted banking fraud run on?

[lippydude]

“On the C&C server we detected there was no information as to which specific malware program was used in this campaign. However, many existing Zeus variations (Citadel, SpyEye, IceIX, etc.) – have that necessary capability. We believe the malware used in this campaign could be a Zeus flavor using sophisticated web injects on the victims” ref [net-security.org]

Re:

[thoriumbr]

The C&C server probably runs Linux. The stolen victims problably runs Windows.

Re:

[thoriumbr]

Ok, let's elaborate...

Usually, the C&C server is a rented virtual server, hosted on a "cloud provider" with little regard to identity verification. Those servers are always paid for with money from an untraceable source (like Webmoney or Western Union). This makes very difficult to track identities from the server to the money, and from the money to the owners of it.
VPS providers running Linux are plenty out there. And a remote Linux server is easier to manage than a remote Windows server [citation n

Re:

[Mr D from 63]

Sometimes its about product choice and need. I use a Cyberstat wifi thermostat. Simple and relatively low cost programmable and remotely accessible. Not really "automation" but gives you control from anywhere... what more does one really need?

"In the space of just one week..."

[rmdingler]

I'm no experienced cybercriminal,

but how long would you want to hang around the scene of the crime?

It seems like most folks, who happen across a revenue stream from which a pinstriped suit is one possible future, would be best served by a quick-in/quick-out strategy.

How do they prevent the money from being tracked?

[JTsyo]

Since this is all done electronically, what do the thieves do to prevent the banks from tracking where the money went? Why would banks allow transfers to institutions that don't allow the money to be tracked and returned?

Re:

[volmtech]

There must be a good reason. If all it takes is account information any bank employee could make himself rich first week on the job. My take on it is banks move a lot of "questionable " money around so explicit details of every transaction are purposely not recorded.

Re:

[Carewolf]

They don't. They need to buy something with the money or withdray them. The transfers can easily be undone and the money will return to where they were taken from unless they are fully out of the electronic system.

Re:

[mjwx]

They don't. They need to buy something with the money or withdray them. The transfers can easily be undone and the money will return to where they were taken from unless they are fully out of the electronic system.

Not really,

You launder electronic money in the same way you launder physical money. Through a semi-legit shell company. You dont need to take it out of the electronic system, you just need to take it out of the banks direct control. You cant actually do a chargeback when you dont know where the money went after step 2 because the shell company shut down and the "directors" are nowhere to be seen.

When you do a chargeback after being defrauded, banks eat the cost because they want to keep you addicted t