$205,000 Withdrawn from Missouri Dental Practice’s Online Bank Account

In yet another cyber assault, which exposes the financial risk faced by small and medium- sized companies while performing online banking transactions, well prepared and equipped cyber goons drew thousands of dollars from the online bank accounts of a Missouri dental practice, reported Brian Krebs, a former Washington Post reporter and a security expert, on its blog posted by KrebsonSecurity on March 30, 2010.

According to the reports, a dental practice for kids in Springfield, Mo. (USA), Smile Zone, fell prey to a withdrawal of $ 205,000 on March 22, 2010, from its corporate bank account.

Smile Zone is till now investigating as to how the account was compromised by the thieves. Krebs said that Zeus or Zbot, a Trojan horse program, was used by the attackers to hijack victim's system. It permits the hackers to mine into the victim's system to log on to the targeted account and perform the malicious task without even raising additional security mechanisms or red flags.

Apparently, the purpose to use Zeus or the 'Man in the Browser' bot was to hijack Smile Zone's accounts at the Great Southern Bank in Springfield, Missouri, US; blogger Brian Krebs said that the bank isn't compensating the dental clinic, according to the news published by TMSnet.com on April 7, 2010

Experts also highlighted that the attack was executed using money mules, employed via work-at-home job schemes on the Web and enticed into assisting the attackers launder the illegally withdrawn money. The anonymous felons distributed the money to around a dozen people nationwide.

This particular instance is yet another addition to the attacks executed by Zeus. Indeed, Zeus first emerged in 2007, and since then it has become really tough on businesses, said experts.

The Trojan robs online banking details, validating as a peculiarly sinister and successful malware piece. A criminal, using the Trojan, can seed other computers, through e-mails promising free video or music clip, with a program piece, which will provide them access to the system, permitting the criminal to execute a 'Man in the Browser' attack on an online bank connection of a company.

To avoid these attacks, experts' advice to businesses to construct and use a system strictly dedicated to perform online banking transactions.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 4/19/2010