Banking Fraud Campaign Steals 500k Euros In a Week

Unknown Lamer posted about 3 months ago | from the red-stapler dept.

Security 35

An anonymous reader writes The experts at Kaspersky Lab have discovered evidence of a targeted attack against the clients of a large European bank. According to the logs found in the server used by the attackers, apparently in the space of just one week cybercriminals stole more than half a million euros from accounts in the bank. The experts also detected transaction logs on the server, containing information about which sums of money were taken from which accounts. All in all, more than 190 victims could be identified, most of them located in Italy and Turkey. The sums stolen from each bank account, according to the logs, ranged between 1,700 and 39,000 euros.

35 comments

Really? (2, Insightful)

Anonymous Coward | about 3 months ago | (#47314185)

Banking fraud here in America steals entire QE packages.

http://inthesetimes.com/news/entry/14886/the_excel_spreadsheet_error_that_justified_global_austerity

Targeted Attack? (5, Insightful)

Joe Gillian (3683399) | about 3 months ago | (#47314191)

One thing I don't really understand, and the article doesn't mention, is how exactly they know this was a targeted attack. The way the article reads, it sounds like a bunch of people got infected with a Zeus variant and had their banking details stolen off their computers, and coincidentally, a bunch of them happened to use the same large European bank. I'm willing to bet that some of those victims probably didn't use the bank in question, and that there are financial losses ranging outside of that one bank.

That said, this isn't a very good article, because it doesn't mention how they think the malware got onto these people's computers or even which bank was supposedly "targeted".

Re:Targeted Attack? (0, Interesting)

Anonymous Coward | about 3 months ago | (#47314241)

@Joe Gillian: "this isn't a very good article, because it doesn't mention how they think the malware got onto these people's computers"

That's down to a very successful propaganda campaign by Microsoft, the media will only mention the platform if it's Apple, Linux or Android, else it's 'banking' trojan ..

Re:Targeted Attack? (0)

Anonymous Coward | about 3 months ago | (#47314467)

I'm not sure Microsoft has to do anything anymore. Windows is pretty much taken as a given when you say "computer". It doesn't even register that you're running Windows, or that you have anything to do with Microsoft. Sure, there's that copyright notice that says "Microsoft", but it's so ubiquitous that it's just something you always see there. Ever ask what computer a user has and they reply "Windows" or "Microsoft"?

These days the trend is that Mac is becoming a second option, but even then just in the following locations: between the English Channel and the Atlantic Ocean and between the North Atlantic Ocean and the North Pacific. Everybody else in the world? They're running Windows, and everyone who isn't is a weirdo (Linux? BSD? what's wrong with you? Mac? You must be a one-percenter or a chav). And _all_ that is down to cost. And by cost I mean "piracy", because it has to play PC games too (also pirated of course), a thing that Linux doesn't do very well. Get Wine to play all those pirated games and Windows will drop in market share like flies.

Just to be clear here: I'm not talking about corporations, but consumers, here. Corporations are a different kettle of fish when it comes to purchases. They might drop Windows only because their workers dropped Windows because Wine is so good at running those pirated games, so the skill set shifts.

Re:Targeted Attack? (0)

Anonymous Coward | about 3 months ago | (#47315367)

Is it, if we are talking about consumers, here at my Uni with > 50,000 users Mac surpasses largely any Windows notebooks...even iOS beats Android by a large factor, which is quite surprising.

Re:Targeted Attack? (1)

plover (150551) | about 3 months ago | (#47317645)

Regarding your iOS v. Android observation, that's possibly related to demographics. On average, university students tend to come from families with better educated parents, and better education correlates with a higher average income. I'm not saying every student on your campus was given an iPhone by a rich mommy and daddy, but I bet the average is higher than in the general population.

Re:Targeted Attack? (1)

Mr D from 63 (3395377) | about 3 months ago | (#47314383)

It's also not clear how the attackers set up these target accounts without being flagged somehow. The use of those accounts might be the reason it was confined to one institution, and it seems that would be the most embarrassing element to the bank.

Zeus != a problem, with this... apk (-1)

Anonymous Coward | about 3 months ago | (#47315187)

Simply by adding to your custom hosts file OR firewall rules table via https://zeustracker.abuse.ch/m... [abuse.ch]

APK

P.S.=> Of course, for even more protection (security-wise vs. malicious code bearing botnets or sites, plus DNS redirects fixed via hardcodes of your fav. sites), speed, reliability, & anonymity? Shameless plug:

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o... [start64.com]

(Details of hosts' benefits enumerated in link)

As it imports, sorts, & deduplicates as well as "normalizes" to the most efficient blocking addresses vs. threats such as this one + MANY others online, FAR more efficiently than say, Almost ALL Ads blocked -> https://blog.mozilla.org/nneth... [mozilla.org] ) & all other browser addons - no single one does a FRACTION of what hosts can for the items noted above...

... apk
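The merge step that post describes (import several blocklists, normalise, deduplicate, sort, emit hosts entries), as an added example that is not part of the thread and is not the poster's program. The feed contents are constructed, and the `0.0.0.0` sink, the protected-name list and all function names are assumptions made for illustration.

```python
import re

# Constructed sample feeds (not real indicators): one hosts-format list and
# one mixed list, carrying the defects a merge has to cope with.
FEED_A = """\
# constructed sample feed A
127.0.0.1   localhost
127.0.0.1   Bad-Panel.example    # trailing comment
0.0.0.0     tracker.example.net
127.0.0.1   bad-panel.example
"""
FEED_B = """\
tracker.example.net.
dropzone.example.org
not a hostname!!
192.0.2.10
0.0.0.0 cdn.example.com www.cdn.example.com
"""

SINK = "0.0.0.0"  # assumption: every blocked name is pointed at this address
# Names a blocklist must never be allowed to re-point.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost",
             "ip6-localhost", "ip6-loopback"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def valid_hostname(name):
    """True for a syntactically valid multi-label DNS name (not an IP)."""
    if len(name) > 253 or IPV4.match(name) or "." not in name:
        return False
    return all(LABEL.match(label) for label in name.split("."))


def extract_hosts(text):
    """Yield normalised hostnames from hosts-format or bare-domain lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.lower().split()
        if IPV4.match(fields[0]) or ":" in fields[0]:
            names = fields[1:]                # hosts format: address, names...
        elif len(fields) == 1:
            names = fields                    # bare-domain format
        else:
            continue                          # malformed line, ignore it
        for name in names:
            name = name.rstrip(".")           # "example.net." == "example.net"
            if name not in PROTECTED and valid_hostname(name):
                yield name


def build_hosts(*feeds):
    """Merge feeds into sorted, de-duplicated hosts-file lines."""
    seen = set()
    for feed in feeds:
        seen.update(extract_hosts(feed))
    return [f"{SINK} {name}" for name in sorted(seen)]


if __name__ == "__main__":
    print("\n".join(build_hosts(FEED_A, FEED_B)))
```

A hosts file only changes name resolution on the machine that carries it, so traffic to a raw IP address or to a name missing from the feeds is not affected.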

Re:Zeus != a problem, with this... apk (0)

Anonymous Coward | about 3 months ago | (#47316007)

Jesus can you not sod off with this spam?

Updating and altering the hosts file is nothing new, get over yourself ffs.

Your software could have been written by a child, the benefits you list are the benefits of changing your host file yet you spam this site and probably lots more, singing at the top of your voice about how it's better than anyone else's solution at every chance you get. You act as if you've found some great new secret way of blocking malware, when in fact it is one of the basic steps needed when securing a computer.

It's ontopic (& you're not, trolling)... apk (0)

Anonymous Coward | about 3 months ago | (#47316961)

I'm also not selling it + it works! Quit off topic trolling. Edits of hosts by hand vs. the 1,000's to potentially MILLIONS of entries my 12 reputable sources in the security community supplies, by hand? Good luck to THAT too... & have fun (when you're done with a day's worth of data a month or more later, that is).

Prevention IS the best medicine - NOT "Reactive" failing tech like AntiVirus (which as I noted in my posts here, Symantec even admits they are only 55% effective in their antivirus nowadays, & AdBlock + other browser addons are horribly inefficient + don't DO a fraction of what custom hosts files can either!) - using hosts?

WHAT YOU CAN'T TOUCH, CAN'T BURN YOU (nor can botnets or other forms of malware communicate back to their C&C servers either - double bonus!).

APK

P.S.=> I merely make the job easy, with GREAT data sources (which you can alter as well by changing its .ini file) & it's recommended as "best of breed" by MalwareBytes' hpHosts no less (a recognized security community member that hosts it for me no less) @ the TOP of their page no less -> http://hosts-file.net/?s=Downl... [hosts-file.net]

... apk

"Children" here have tried to write it... apk (0)

Anonymous Coward | about 3 months ago | (#47317127)

"Your software could have been written by a child" - by Anonymous Coward on Wednesday June 25, 2014 @12:22PM (#47316007)

Failing miserably (with scripts nobody uses, they want GUI easy) http://slashdot.org/comments.p... [slashdot.org]

Another tried & failed here as well http://slashdot.org/comments.p... [slashdot.org]

Not just once, but 3-4 times more I have bookmarked no less!

Failing on points I noted there and there are FAR MORE they would run into - those 'children' just then gave up... never tried it again (after I pointed out only SOME of the errors his work had, and processing he overlooked & I definitely don't!)

APK

P.S.=> So much for trolls like you (you're probably that troll I outright schooled & out thought on that account I'd go so far as to wager even... lol!)

... apk

Re:Zeus != a problem, with this... apk (0)

Anonymous Coward | about 3 months ago | (#47318497)

It is better and does more for you in speed, security, reliability and anonymity listed here http://start64.com/index.php?o... [start64.com]

Oh, stfu. Adblock spammed their inferior shit (0)

Anonymous Coward | about 3 months ago | (#47413891)

On /. for years. You advertisers never bitch cuz adblock's easily detected (native browser methods) + can be blocked thus easily. Who are you trying to fool here? Yourself?

Zeus != a problem, with this... apk (0)

Anonymous Coward | about 3 months ago | (#47317533)

Simply by adding to your custom hosts file OR firewall rules table via https://zeustracker.abuse.ch/m... [abuse.ch]

APK

P.S.=> Of course, for even more protection (security-wise vs. malicious code bearing botnets or sites, plus DNS redirects fixed via hardcodes of your fav. sites), speed, reliability, & anonymity? Shameless plug:

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o... [start64.com]

(Details of hosts' benefits enumerated in link)

As it imports, sorts, & deduplicates as well as "normalizes" to the most efficient blocking addresses vs. threats such as this one + MANY others online, FAR more efficiently than say, Almost ALL Ads blocked -> https://blog.mozilla.org/nneth... [mozilla.org] ) & all other browser addons - no single one does a FRACTION of what hosts can for the items noted above...

... apk

bitcoins (0)

Anonymous Coward | about 3 months ago | (#47314195)

OMG lets make banks illegal, it is the next bitcoin.

Re:bitcoins (2)

pantaril (1624521) | about 3 months ago | (#47314561)

OMG lets make banks illegal, it is the next bitcoin.

This story nicely illustrates that even the old financial system with its chargebacks and deposit insurances is not immune to scam and theft.

What OS does this targeted banking fraud run on? (1)

lippydude (3635849) | about 3 months ago | (#47314219)

On the C&C server we detected there was no information as to which specific malware program was used in this campaign. However, many existing Zeus variations (Citadel, SpyEye, IceIX, etc.) – have that necessary capability. We believe the malware used in this campaign could be a Zeus flavor using sophisticated web injects on the victims ref [net-security.org]

Re:What OS does this targeted banking fraud run on (1)

thoriumbr (1152281) | about 3 months ago | (#47314239)

The C&C server probably runs Linux. The stolen victims probably run Windows.

Re:What OS does this targeted banking fraud run on (0)

Anonymous Coward | about 3 months ago | (#47314617)

"probably"
why did you even bother to post?

Re:What OS does this targeted banking fraud run on (1)

thoriumbr (1152281) | about 3 months ago | (#47324845)

Ok, let's elaborate...

Usually, the C&C server is a rented virtual server, hosted on a "cloud provider" with little regard to identity verification. Those servers are always paid for with money from an untraceable source (like Webmoney or Western Union). This makes it very difficult to track identities from the server to the money, and from the money to the owners of it.
VPS providers running Linux are plenty out there. And a remote Linux server is easier to manage than a remote Windows server [citation needed]. Deploying the C&C server infrastructure on Linux, using stolen SSH passwords with bots is way easier than doing the same using rdesktop to deploy the infrastructure on hacked Windows servers.
So, probably the server is a virtual Linux server sitting on a datacenter, and the owners of the datacenter may not be aware of the fact that they host a C&C Server.

On the client side, they are surely running Windows. Compromising a Windows user is easier than a Linux user. Linux users generally do not run SSH, Apache, MySQL et al. Linux servers do. On the other side, there's a massive amount of pirated versions of Windows XP vulnerable to a wide range of local and remote exploits. Sending a threatening email with a link is a very easy way to get a user to hit a site hosting an exploit pack and get infected. From there, the computer is owned and the user is owned as well.

It can be a directed phishing. If someone had access to the bank's client list, they can send a very convincing email with real data, and get a lot of customers infected. If they send a generic email to a lot of unrelated people, someone will notice and probably inform the bank of the attack.

Zeus variants = no problem... apk (-1)

Anonymous Coward | about 3 months ago | (#47315449)

You want to read this post if you're concerned about it -> http://it.slashdot.org/comment... [slashdot.org]

APK

P.S.=> It works, & more efficiently + effectively than AntiVirus programs (Symantec recently stated literally only 55% effectiveness in fact) OR browser addons by far, and even shores up DNS redirection issues... apk

Zeus variants = no problem... apk (0)

Anonymous Coward | about 3 months ago | (#47317551)

You want to read this post if you're concerned about it -> http://it.slashdot.org/comment... [slashdot.org]

APK

P.S.=> It works, & more efficiently + effectively than AntiVirus programs (Symantec recently stated literally only 55% effectiveness in fact) OR browser addons by far, and even shores up DNS redirection issues... apk

You ain't seen nothin yet from the Nest (0)

Anonymous Coward | about 3 months ago | (#47314365)

Technology has been impinging on far too many aspects of our lives, and one place where you have to be careful is the automated home. Maybe I'm just old fashioned, but I prefer physical controls over virtual ones. This is especially true when it comes to turning off the lights in the kitchen.

My home doesn't need automation. If there was a robot that would straighten out my office and vacuum rugs and dust and re-arrange the bookshelves, then I'd be all in. As long as the device wasn't hooked to the Internet to be reprogrammed by some misanthropic engineer who would find it amusing to have the robot trash the house.

There is no such robot and none on the horizon, nor any free lunches, not even at Google.

Opinions The Internet is part of the problem. In the case of home automation, it is particularly frightening. You know that once an automation system is established and can be operated remotely online, then someone will hack the system and make a lot of people miserable.

Ever since Google bought Nest, this is the first thing I think of.

This week at Google I/O, the company might brag about Nest, and show some fakakta Web interface to turn off lights you may have left on. These devices will be hooked to Google Central so your habits can be studied. Thus you can be delivered targeted advertising.

You all know what targeted advertising is, right? It's those genius ads that show up all over the place trying to sell you a product you already bought. Yeah, those ads.

I have toyed with various attempts at home automation since before the X10 standard. It's always been about spending dollars to save pennies. The Nest Thermostat is a classic example. It is indeed a cool product that is nothing more than a remotely programmable on-off switch that costs $250. If China decided to produce the same thing, it would be $20.

The idea is that you can program it and it can learn and it can maximize energy and save money and save the environment and on and on. It's also cool looking and shows that you are a conspicuous consumer for owning one. Only geeks will program them to any extreme and the real amount of money saved will be nil. At the end of the day it's just another over-priced, cool-looking gizmo for bored geeks who will claim they actually "love" the device.

This is just the beginning for Google, though. The real target is the full home automation market, which does indeed exist. It targets large unmanageable McMansions found in the suburbs of Dallas and Atlanta. You know, the palatial multi-story homes built in a subdivision on postage stamp sized lots. You generally fly over them while landing at the airport and wonder who in their right minds would buy a place like this.

Answer: home automation suckers.

Home automation has been around since 1975 yet has never become a mass market phenomenon. Frankly, this is because it is a pain in the arse. Companies like Google, whose executives live in a dream world of their own creation, tend to drift into thinking that everyone wants this crap.

My home automation is more average and typical of the American public. It consists of yelling, "Hey, it's freezing in here, can someone turn on the heater?" That usually results in the other end of the transaction yelling, "Get up and turn it on yourself!"

This is real voice command and generally better understood than anything Google will develop. Other commands include. "Can't anyone turn off any lights in this house?" "Who left the water boiling on the stove?" "The dog needs food!" and the classic, "Did anyone get the mail?"

This is real home automation.

The real problem with all this Nest malarkey will come once these systems are on the net-the so-called "Internet of things." Once they start getting hacked there will be no stopping it. Nobody will be bothering to update the devices to block unwanted access-until they come home in the middle of summer with all the heaters on full blast, the lights flashing on and off, and the coffee pot on fire.

This is exactly where this all leads. And it only evolves to this because people are too lazy to get up and turn off some lights or set a thermostat.

Re:You ain't seen nothin yet from the Nest (1)

Mr D from 63 (3395377) | about 3 months ago | (#47314597)

Sometimes it's about product choice and need. I use a Cyberstat wifi thermostat. Simple and relatively low cost programmable and remotely accessible. Not really "automation" but gives you control from anywhere... what more does one really need?

Re:You ain't seen nothin yet from the Nest (0)

Anonymous Coward | about 3 months ago | (#47314697)

I need Star Trek. In other words, "Computer, reduce temperature by 1 degree" (more likely "OK Google, reduce temperature by 1 degree"). I don't want to remotely program the thing. I don't want to fiddle with some app or web page on my phone, authenticate to my thermostat, and change the setting. I could walk to the damn thing easier. I want to just tell the thing what to do. If I screw up and just say, "Siri, it is too fucking cold in here!" it should figure out that it needs to raise the temperature and take a first guess at 2 degrees and go from there. Maybe I say, "Cortana, I am sweating here!" and it should drop the temperature (yes, Cortana is the Windows Phone's Siri / Google Now).

Re:You ain't seen nothin yet from the Nest (0)

Anonymous Coward | about 3 months ago | (#47316353)

I need Star Trek. In other words, "Computer, reduce temperature by 1 degree" (more likely "OK Google, reduce temperature by 1 degree"). I don't want to remotely program the thing. I don't want to fiddle with some app or web page on my phone, authenticate to my thermostat, and change the setting. I could walk to the damn thing easier. I want to just tell the thing what to do. If I screw up and just say, "Siri, it is too fucking cold in here!" it should figure out that it needs to raise the temperature and take a first guess at 2 degrees and go from there. Maybe I say, "Cortana, I am sweating here!" and it should drop the temperature (yes, Cortana is the Windows Phone's Siri / Google Now).

Siri (to herself): Sheesh, this guy's too eff'ing stupid to get up and adjust the thermostat.

"In the space of just one week..." (1)

rmdingler (1955220) | about 3 months ago | (#47314387)

I'm no experienced cybercriminal,

but how long would you want to hang around the scene of the crime?

It seems like most folks, who happen across a revenue stream from which a pinstriped suit is one possible future, would be best served by a quick-in/quick-out strategy.

How do they prevent the money from being tracked? (2)

JTsyo (1338447) | about 3 months ago | (#47314767)

Since this is all done electronically, what do the thieves do to prevent the banks from tracking where the money went? Why would banks allow transfers to institutions that don't allow the money to be tracked and returned?

Re:How do they prevent the money from being tracke (1)

volmtech (769154) | about 3 months ago | (#47314977)

There must be a good reason. If all it takes is account information any bank employee could make himself rich first week on the job. My take on it is banks move a lot of "questionable " money around so explicit details of every transaction are purposely not recorded.

Re:How do they prevent the money from being tracke (1)

Carewolf (581105) | about 3 months ago | (#47315043)

They don't. They need to buy something with the money or withdraw them. The transfers can easily be undone and the money will return to where they were taken from unless they are fully out of the electronic system.

Re:How do they prevent the money from being tracke (1)

mjwx (966435) | about 3 months ago | (#47320571)

They don't. They need to buy something with the money or withdraw them. The transfers can easily be undone and the money will return to where they were taken from unless they are fully out of the electronic system.

Not really,

You launder electronic money in the same way you launder physical money. Through a semi-legit shell company. You don't need to take it out of the electronic system, you just need to take it out of the bank's direct control. You can't actually do a chargeback when you don't know where the money went after step 2 because the shell company shut down and the "directors" are nowhere to be seen.

When you do a chargeback after being defrauded, banks eat the cost because they want to keep you addicted to the credit which earns them a very large mint in merchant service and interchange fees. The loss of you going back to cash or debit is worth thousands per year.

Re:How do they prevent the money from being tracke (0)

Anonymous Coward | about 3 months ago | (#47318503)

Money mules? They transfer the money to the legit bank account of a dope who then proceeds to convert it to an untraceable form (iPhones shipped to a rented warehouse in eastern Europe, Western Union transfer, etc.) in exchange for a percentage of the cut. When the originator bank / police come calling, the mule is left holding the bag ;-)

Not really stolen (0)

Anonymous Coward | about 3 months ago | (#47315301)

Just the IRS collecting back taxes, nothing to see, move along.

frist st*op (-1)

Anonymous Coward | about 3 months ago | (#47316583)

Amateur hour (0)

Anonymous Coward | about 3 months ago | (#47326153)

This is not even a drop in the bucket of the ongoing fraud banks commit each and every day.
