http://www.wired.com/threatlevel/2009/10/urlzone-trojan/ By Kim Zetter Threat Level Wired.com October 6, 2009 Researchers tracking a gang of online bank thieves found that the criminals have deployed a devious means to thwart law enforcement and anyone else trying to monitor their activities. The gang behind the URLZone trojan, which siphons money from online bank accounts and then alters a victim's online bank statement to hide the fraud, have also devised a method to hide the accounts of mules they use to launder the siphoned funds. Researchers at RSA's FraudAction Research Labs say the gang was aware that their malware was being tracked by investigators, so they programmed their command and control server to generate non-mule accounts to make it more difficult for law enforcement and fraud investigators to halt laundering through the real accounts. The URLZone is a Trojan that has been targeting customers of several top German banks. The victims. computers are infected with the Trojan after visiting compromised legitimate web sites or rogue sites set up by the hackers. Once a victim is infected, the malware detects when a user is logged into a bank account, then contacts a control center hosted on a machine in Ukraine to initiate a money transfer from the victim's account, without the victim's knowledge. The control center tells the Trojan how much money to wire transfer from the victim's online bank account and which mule account should receive the transfer. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Tue Oct 06 2009 - 01:35:12 PDT
This archive was generated by hypermail 2.2.0 : Tue Oct 06 2009 - 02:02:44 PDT