[ISN] Bank Botnet Serves Fake Info to Thwart Researchers

From: InfoSec News <alerts_at_private>
Date: Tue, 6 Oct 2009 03:35:12 -0500 (CDT)
http://www.wired.com/threatlevel/2009/10/urlzone-trojan/

By Kim Zetter 
Threat Level
Wired.com
October 6, 2009

Researchers tracking a gang of online bank thieves found that the 
criminals have deployed a devious means to thwart law enforcement and 
anyone else trying to monitor their activities.

The gang behind the URLZone trojan, which siphons money from online bank 
accounts and then alters a victim's online bank statement to hide the 
fraud, has also devised a method to hide the accounts of mules they use 
to launder the siphoned funds.

Researchers at RSA's FraudAction Research Labs say the gang was aware 
that their malware was being tracked by investigators, so they 
programmed their command and control server to generate non-mule 
accounts to make it more difficult for law enforcement and fraud 
investigators to halt laundering through the real accounts.

The URLZone is a Trojan that has been targeting customers of several top 
German banks. The victims' computers are infected with the Trojan after 
visiting compromised legitimate web sites or rogue sites set up by the 
hackers.

Once a victim is infected, the malware detects when a user is logged 
into a bank account, then contacts a control center hosted on a machine 
in Ukraine to initiate a money transfer from the victim's account, 
without the victim's knowledge. The control center tells the Trojan how 
much money to wire transfer from the victim's online bank account and 
which mule account should receive the transfer.

[...]


Received on Tue Oct 06 2009 - 01:35:12 PDT
