Attackers steal £675,000 from UK bank
By Nicole Kobie
Posted on 10 Aug 2010 at 13:40
A new version of the Zeus trojan has been used to steal £675,000 from a UK bank.
During July, more than 3,000 customer accounts were compromised using the trojan at one unnamed bank, according to a report from M86 Security, which uncovered the scale of the theft after cracking into the criminals' command and control server.
The third version of the Zeus trojan isn't only harvesting data, but actually performing illegal banking transactions. M86's chief security architect, Mark Kaplan, said the attack was unique because "it actively steals money and not only gathers username or passwords".
M86 said the trojan watches as banking customers log in to their accounts, and checks to see if they have sufficient funds. If their account holds more than £800, the trojan transfers money to a mule account. The mules are valid accounts held by real banking customers, but compromised by the criminals to transfer money and cover their tracks.
The attackers used the Eleonore exploit kit - which can be bought online for a few hundred dollars - to take advantage of flaws in software such as Adobe and Internet Explorer to install the trojan after users visit a malicious web page. M86 said the command server for the scheme appeared to be based in Eastern Europe.
Kaplan said his firm had passed the details of the case to the police, saying the attacks are likely still happening. "As far as we know, it is still going on," he said. "However, the bank and law enforcement agencies are managing the situation now." M86 would not name the bank involved.
To avoid being hit by the attack, Kaplan advised online banking customers to set up text or email alerts to keep an eye on transactions, and to ask their bank to disable the ability to transfer money to third parties.
As the attackers are taking advantage of flaws in Adobe software, he advised using a different PDF reader. "I am not saying that those won't have any vulnerabilities, but at least they are less exposed," he said.
"M86 would not name the bank involved."
Pity, then the customers of that bank would know to look out for strange transactions.
Wonder why it is just the one bank - or are the 3000 accounts only an example, with more being found from other banks?
By greemble on 10 Aug 2010
Yet another Adobe weakness they've been told about. How many years will it take them to fix it this time? There are apparently well over 400 bugs in Adobe Reader, but they've only fixed a small proportion so far, refusing to accept the bugs are real in some cases. A shame the competition authorities didn't block their takeover of Macromedia.
By SwissMac on 11 Aug 2010
"Attackers"?
That is a bit mild for a PC Pro crime story surely? "Scumbags" or "Evil Bastards" would be more in tune with the recent house style!
By JohnAHind on 11 Aug 2010
Actually these "Scumbags" are doing a Service
Sorry JohnAH but we should commend these noble artisans.
They have created a tool that will save all those Bankers, Stock Brokers and other "Financial Services" types a load of work by stealing our money first....
By wittgenfrog on 11 Aug 2010
Alan
The obvious question is how do you detect and remove this virus.
By Alan_Briggs on 12 Aug 2010
PREVENTION: Use multi-layered security
Use a good ANTI-VIRUS plus firewall, like Symantec Endpoint Protection, and load Trusteer's Rapport software, which can be used on ANY HTTPS secure site that requires you to key in passwords etc.
By TD1947 on 13 Aug 2010
