By Kim Zetter
October 6, 2009
Researchers tracking a gang of online bank thieves found that the
criminals have deployed a devious means to thwart law enforcement and
anyone else trying to monitor their activities.
The gang behind the URLZone trojan, which siphons money from online bank
accounts and then alters a victim's online bank statement to hide the
fraud, has also devised a method to hide the accounts of mules they use
to launder the siphoned funds.
Researchers at RSA's FraudAction Research Labs say the gang was aware
that their malware was being tracked by investigators, so they
programmed their command and control server to generate non-mule
accounts to make it more difficult for law enforcement and fraud
investigators to halt laundering through the real accounts.
URLZone is a Trojan that has been targeting customers of several top
German banks. The victims' computers are infected with the Trojan after
visiting compromised legitimate web sites or rogue sites set up by the
Once a victim is infected, the malware detects when a user is logged
into a bank account, then contacts a control center hosted on a machine
in Ukraine to initiate a money transfer from the victim's account,
without the victim's knowledge. The control center tells the Trojan how
much money to wire transfer from the victim's online bank account and
which mule account should receive the transfer.