Keyloggers Used in $400,000+ Theft
"Sholar said the unauthorized transfers appear to have been driven by 'some kind of computer virus.'"
This is how Walt Sholar, County Attorney of Bullitt County, Kentucky, describes what led to $415,000 being stolen from Bullitt County's bank.
A malicious trojan keylogger is apparently to blame, but the cyber criminals definitely knew what they were doing. According to the Washington Post's "Security Fix" story on the trojan,
"'...the criminals stole the money using a custom variant of a keystroke logging Trojan known as "Zeus" (a.k.a. "Zbot") that included two new features.
'The first is that stolen credentials are sent immediately via instant message to the attackers.
'But the second, more interesting feature of this malware, the investigator said, is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection.'"
It doesn't really get much uglier than that, as that's enough to defeat all but the most complex bank and credit card consumer protections. As the piece goes on to point out, it's really only the commercial banks that have the resources to protect their customers with even more robust mechanisms.
"Many online banks will check to see whether the customer's Internet address is coming from a location already associated with the customer's user name and password, or at least from a geographic location that is close to where the customer lives.
"By connecting through the victim's PC or Internet connection, the bad guys can avoid raising any suspicions."
All-in-all, it's really a truly fascinating story with excellent coverage in the Security Fix blog, and it's a reminder of four things to me:
- run antivirus software (preferably an Internet security suite)
- keep them updated
- listen to them when they complain