Posted by: kenwbudd | August 10, 2010

U.K. bank hit by massive fraud from ZeuS-based botnet

Security vendor M86 Security says it’s discovered that a U.K.-based bank has suffered almost $900,000 (675,000 Euros) in fraudulent bank-funds transfers due to the ZeuS Trojan malware that has been targeting the institution.

Bradley Anstis, vice president of technology strategy at M86 Security, said the security firm uncovered the situation in late July while tracking how one ZeuS botnet had been specifically going after the U.K.-based bank and its customers. The botnet included a few hundred thousand PCs and even about 3,000 Apple Macs, and managed to steal funds from about 3,000 customer accounts through unauthorized transfers equivalent to roughly $892,755.

Anstis declined to name the bank. He said the botnet used in the attack is based on version 3.0 of the ZeuS malware and appears to be controlled from Eastern Europe, with a server hosted in Moldova.

From the investigation into the botnet’s server operations, M86 Security has found the criminals controlling the botnet waited until accounts reached at least 800 Euros before initiating a fraudulent funds transfer from the victim’s compromised machine to a number of other accounts used by money mules who would forward the funds on to Eastern Europe.

Anstis says the victimised bank was offering “free security software” to customers but it wasn’t clear if this software, which M86 declined to name, was in use when the fraudulent transfers were made. Anstis says the process of notifying the bank to let it know what M86 Security has discovered about the botnet was a somewhat frustrating experience.
