Keyloggers Used in $400,000+ Theft



07/30/2009




Kevin R. Smith
Co-Editor


"Sholar said the unauthorized transfers appear to have been driven by 'some kind computer virus.'"

This is how Walt Sholar, County Attorney of Bullitt County, Kentucky, describes what led to $415,000 being stolen from Bullitt County's bank.

A malicious trojan keylogger is apparently to blame, but the cyber criminals definitely knew what they were doing. According to the Washington Post's "Security Fix" story on the trojan,

"'...the criminals stole the money using a custom variant of a keystroke logging Trojan known as "Zeus" (a.k.a. "Zbot") that included two new features.

'The first is that stolen credentials are sent immediately via instant message to the attackers.

'But the second, more interesting feature of this malware, the investigator said, is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection.'"

It doesn't really get much uglier than that, as that's enough to defeat all but the most complex bank and credit card consumer protections. As the piece goes on to point out, it's really only the commercial banks that have the resources to protect their customers with even more robust mechanisms.

"Many online banks will check to see whether the customer's Internet address is coming from a location already associated with the customer's user name and password, or at least from a geographic location that is close to where the customer lives.

"By connecting through the victim's PC or Internet connection, the bad guys can avoid raising any suspicions."


All in all, it's a truly fascinating story with excellent coverage in the Security Fix blog, and it's a reminder of four things to me:

  1. run antivirus software (preferably an Internet security suite)
  2. keep them updated
  3. listen to them when they complain


For a very brief version of the heist at virusbtn.com:
Keyloggers used to loot US county

For slightly more thorough coverage at theregister.co.uk:
Kentucky payroll phishing scam nets small fortune
