Last month, a British bank and its customers were hit by a coordinated, targeted attack by criminals who launched their efforts from Eastern Europe.
In an impressive display of a blended threat, the crooks created advertising containing malicious code and posted it on legitimate websites (run by Yahoo, for example) as well as on their own websites. Once a user clicked on the advertisement or visited the malicious website, an exploit kit (the Eleonore and Phoenix kits in this example) would drill into the browser and embed the new and improved Zeus v3 Trojan on the user's PC without their knowledge.
Once installed, the Trojan would announce to its Command and Control server (C&C) that it was ready and then wait for the user to log into their bank account.
When the unsuspecting user finally logged into their bank account, the Trojan would notify the C&C while the bank session was open. The C&C would then step in between the bank page and the user and supply a script that applied its own logic to determine how much money the user had in the account. If the user had over a certain amount, the script would transfer money into a money mule's account, from which it would eventually make its way to the criminals. The malefactors were kept informed at each step along the way, receiving detailed information about the accounts and their values and the success or failure of any transactions, all via encrypted traffic to avoid detection.
An observation that everyone should take from this story is just how difficult it was (and is) to detect the attack. Of all the anti-malware software on the market, only Sophos and Trend Micro would have caught the Zeus v3 Trojan, which would have stopped the attack before it could have started. Most other anti-malware players have since updated their software to include Zeus v3.
The bank and the banking victims have been notified of the illegal activities and authorities are investigating. No responsible parties have been apprehended at this time.
Read more about the attack and the excellent research by M86 Security here.
If a hacker wants to do something, he or she can do it. First thing is to be careful what you click on and the second is to deploy good security measures on your computer!
Posted by: performance testing | August 24, 2010 at 05:42 PM
It's typically obvious that no one does not need to be a genius to commit crimes with computers. This is a warning to online users about internet crimes and hopefully will make people aware that the internet is a dangerous neighborhood.
Posted by: Computer support service | September 20, 2010 at 11:48 PM
This is devastating news. Many bank depositors are dismayed because of what happened. This is not new because hacking has been a problem ever since. Even government agencies have been victims of hacking. It is indeed a matter of security. Thanks a lot for clearing things. This is a help.
Posted by: virginia web design | December 27, 2010 at 01:59 AM