Eastern European cyber criminals 'draining British bank accounts'
Eastern European cyber criminals are using sophisticated computer viruses to drain the accounts of thousands of British banking customers, internet security experts have said.
By Heidi Blake
Published: 7:19AM BST 11 Aug 2010
The fraudsters are using a trojan virus to hijack online bank accounts Photo: CLARE KENDALL
A new version the notorious “Zeus” virus, which cannot be detected by traditional firewalls, has stolen £675,000 from about 3,000 online customers of a British bank, the experts claimed.
The funds have been transferred out of the online accounts, which are held by businesses and individuals, since early July. Experts at M86 Security, which specialises in online fraud, said the virus checks to see how much money the accounts contain, steals it, and covers its tracks by showing the customer fake bank balances.
The online security firm, based in California and Britain, uncovered the fraud when it penetrated the criminals’ command server, which is based in Eastern Europe, and found a list of all the cash transfers. Experts produced a dossier explaining how the attacks had occurred and informed the police and the bank concerned two weeks ago – but experts said the attacks appear to be continuing.
The Zeus virus, which targets online bank accounts, first emerged three years ago. The new version, “Zeus v3”, not only collects users’ logins, passwords and bank details – it is also capable of transferring money out of the compromised accounts. Bradley Anstis, vice president of technical strategy at M86, told The Times: “This is an extremely sophisticated version of the virus and it cannot be detected by traditional security software”.
The experts also warned that such viruses are no longer confined to “red light district” sections of the web, such as gambling and pornography sites, but can be found on popular search engines, blogs and news websites. Last year, attackers placed a virus in an advertisement on the New York Times website.
M86 Security said that online banking customers had transferred the virus from legitimate websites onto their computers through “security holes” in either Microsoft’s Internet Explorer browser or Adobe Reader software. Once a computer is infected, the “Trojan” spyware lies dormant within the user’s browser until they connect to their online banking account.
The virus then hijacks the customer’s online banking session and checks their bank balance. If their account contains more than £800, it begins invisibly transferring the funds into “mule accounts” – other accounts held by legitimate online banking customers which the criminals have already penetrated.
Britain’s major high street banks refused to comment on whether their customers had been affected by the scam when contacted by The Times. But a spokesman for HSBC said: “There are millions of viruses, and other malicious software. We urge people to take basic measures to protect themselves from virus attacks.
Any customer who is the victim of fraud will be reimbursed by HSBC.” Online banking fraud increased 18 per cent last year to £59.7 million according to UK Payments Administration, the trade organisation. Last year, Southwark Crown Court heard how Eastern European fraudsters had used a Trojan virus to steal £600,000 from Nat West customers.