New Trojan Modifies Online Bank Statements

According to researchers at the Internet security firm Finjan, a novel Trojan has emerged, which not only steals the login details of users' online banking but also pilfers cash out of their accounts when they logged in, and then covers that fraud by producing bogus bank statements by rewriting original statements. News.cnet.com reported this on September 29, 2009.

Security researchers explained that for this particular crime, cyber crooks recruit mules by assuring them that they're associated with a genuine business. Also, in wake of economic recession, innocent people are increasingly joining these businesses while remaining totally unaware of their true nature.

Moreover, the gang, by means of infected as well as fraudulent websites, is disseminating Trojan URLZone, a malware that can easily access all the data on the compromised systems.

Thus, if a user's PC is infected, the malicious code seizes his login details meant to access his bank account after which it connects to a command-and-control hub, entertained on a Ukraine-located server to receive further directions.

This control center directs the Trojan how what amount of money it should wire transfer as well as the place where the money should be sent. Subsequently, when the Trojan executes the operation, it withdraws random sum of money and ensures that the withdrawals remain within the limit of the actual balances of the victim to stay clear of the automatic fraud detection systems of the bank.

Evidently, the victim would know about the theft only if he accesses his account using a non-infected PC.

Meanwhile, the stolen amounts first get transmitted to the money mules' genuine accounts, while they never doubt that they are letting the money to pass via their accounts for being laundered.

Additionally, as per the statistics from the command tool, 6,400 users from a total of 90,000 users who visited the websites compromised by the gang were infected with URLZone. While Finjan observed that most of the victims were using the Internet Explorer browser, it is said that other browsers are too susceptible to attacks.

Finally, according to the security firm, during mid-August 2009 over a period of 22 days, the crooks responsible for the Trojan stole euros equivalent to around $438,000, reported news.cnet.com on September 29, 2009.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 10/19/2009