Zeus v3 Trojan Steals £675,000 From UK Bank

Cyber-criminals based in Eastern Europe have stolen £675,000 from a British bank, using a new version of the infamous Zeus Trojan that cannot be detected by traditional firewalls.

According to security researchers at M86 Security, Zeus v3 spreads through legitimate websites and online advertising to infect victims’ computers. Once the Trojan is successfully installed on a PC, it lies dormant until the user connects to their online banking page. It then transfers the user’s banking login ID, date of birth, and a security number to a command and control server, enabling the hackers to break into the account.

About 3,000 online customers of an unnamed British bank have fallen victim to the cyber-criminals since 5 July, with each losing between £1,000 and £3,000, the experts claimed. However, money transfers are only carried out if the hacked account balance is bigger than £800. M86 claims that the attack is still progressing.

Bradley Anstis, vice-president of technical strategy at M86, explained that this latest version of the malware is “extremely sophisticated”, and is able to avoid detection by using the Secure Sockets Layer (SSL) protocol to communicate with the command and control centres.

UK bank accounts targeted

Only last week, researchers at security softeware maker Trusteer uncovered a large botnet of 100,000 computers built using a different variant of the Zeus malware. Again, almost all of the infected machines were thought to be in the UK.

After infecting the computers with Zeus 2, the botnet pilfered all kinds of user data, ranging from login information for banks to credit and debit card numbers and browser cookies.

“This is just one out of many Zeus 2 botnets operating all over the world,” said Amit Klein, Trusteer’s chief technology officer, at the time. “What is especially worrying is that this botnet doesn’t just stop at user IDs and passwords. By harvesting client side certificates and cookies, the cybercriminals can extract a lot of extra information on the user that can be used to augment their illegal access to those users’ online accounts.”

The Metropolitan Police Service’s Police Central E-Crime Unit (PCeU) also recently arrested six people as part of a suspected online banking fraud. The arrests took place across London and Ireland, and concerned the theft of credit cards, as well as personal information and banking details.

It is thought that more than 10,000 online bank accounts and 10,000 credit cards were compromised in phishing attacks, and the bank account take-over fraud amounted to approximately £1.14 million, with £358,000 stolen successfully.

Cyber crime budget cuts

The UK government recently axed plans for an increase in funding to the Metropolitan Police’s cyber crime unit. With online fraud and other electronic crimes becoming increasingly commonplace, the Police Central e-crime Unit had been hoping for extra funding from the Home Office for training and equipment purposes. However the extra funding was cut as part of the coalition government’s £6 billion deficit reduction plans.

“There is concern that at the moment the cyber crime authorities are pretty pitifully funded for the level of crime that is going on,” said Graham Cluley, senior technology consultant at Sophos, speaking to eWEEK Europe last week. “I think the one thing we can be sure of is that the cyber criminals aren’t cutting their investment in this kind of crime. We are seeing more attacks than ever before. We see 60,000 pieces of new malware every single day, which is simply staggering, but that’s the level of crime that we’re seeing. So companies need to keep on top of this problem.”