Phishing Trojan scammers hit the jackpot

A RECENT phishing and malware scam netted a group of criminals some €300,000 in stolen funds, according to experts.

Security vendor Finjan said that the criminals used a piece of financial malware to infect users and steal account details without being caught by bank security systems.

The attackers used a combination of phishing sites and exploit attacks to dupe users into downloading a piece of malware known as Zeus.

Once installed, the Trojan covertly dialled into a command server operated by the group. The server then directed the Trojan to gather account details and transfer funds to a third-party account and create a forged bank statement.

As a result of the campaign, Finjan estimated that the cyber criminals were able to steal roughly €300,000 in just 22 days.

"In this case, the specific criteria that the Trojan received from its command and control centre mark a whole new level of sophistication in the techniques used by cyber criminals," said Finjan chief technology officer Yuval Ben-Itzhak.

"Using these methods they successfully evaded anti-fraud systems that banks deploy. We dubbed it the Anti anti-fraud."

Further complicating matters was the use of third-party 'money mules' to launder the stolen funds and make the criminals behind the operation harder to track down.

The mules are often hired on the promise of a legitimate 'work from home' job and are unaware of the fraudulent activity. They accept transfers from the compromised accounts and then send the money back to the criminals as a wire transfer. µ