Bank Botnet Serves Fake Info to Thwart Researchers

By Kim Zetter 
Threat Level
October 6, 2009

Researchers tracking a gang of online bank thieves found that the 
criminals have deployed a devious means to thwart law enforcement and 
anyone else trying to monitor their activities.

The gang behind the URLZone trojan, which siphons money from online bank 
accounts and then alters a victim's online bank statement to hide the 
fraud, has also devised a method to hide the accounts of mules they use 
to launder the siphoned funds.

Researchers at RSA's FraudAction Research Labs say the gang was aware 
that their malware was being tracked by investigators, so they 
programmed their command and control server to generate non-mule 
accounts to make it more difficult for law enforcement and fraud 
investigators to halt laundering through the real accounts.

URLZone is a Trojan that has been targeting customers of several top 
German banks. The victims' computers are infected with the Trojan after 
visiting compromised legitimate web sites or rogue sites set up by the 

Once a victim is infected, the malware detects when a user is logged 
into a bank account, then contacts a control center hosted on a machine 
in Ukraine to initiate a money transfer from the victim's account, 
without the victim's knowledge. The control center tells the Trojan how 
much money to wire transfer from the victim's online bank account and 
which mule account should receive the transfer.

