Page last updated at 00:18 GMT, Wednesday, 30 September 2009 01:18 UK

Online thieves step up bank raids

[Image: screen shot of the gang's server. Caption: The gang's server logged all the successful money transfers]

Cyber-criminals have developed sophisticated ways to remain undetected, a new report finds.

The report, from security firm Finjan, describes how one gang, based in the Ukraine, stole 300,000 euros (£269,000) in 22 days.

It used a sophisticated piece of malicious software which fooled banks' anti-fraud systems as well as forging bank statements to hide the thefts.

It also recruited innocent job-seekers as so-called money mules.

Such mules were needed to prevent a direct money trail being traced back to the gang.

The specific attack, monitored during the month of August, was aimed at the customers of several German online banks.

The German police have been informed.

The server used by the gang has been frozen although it is not known whether gang members have actually been caught.

Specific criteria

The gang used infected and fake websites to spread the trojan, a piece of malicious code which, once installed, can access all the data on the infected machine.

From a command and control server hosted in the Ukraine, the code was installed on the computers of bank account holders.

The trojan received specific instructions about how much money to steal from each account as well as the details of the money mule's account into which the money was transferred.

[Image: screen shot of a bank statement. Caption: This statement suggests 53.94 euros was transferred. In fact 8,576 euros was stolen]

Finjan's chief technology officer Yuval Ben-Itzhak said he was surprised at the level of sophistication employed by the gang.

The code included very specific criteria to make sure the bank accounts of victims were not completely emptied and to ensure the amount being stolen was not so high that it would be detected by banks' anti-fraud systems.

To further obfuscate their crimes, the code used by the gang was able to generate a forged screen showing the transfer of a small amount of money.

The real amount stolen would only be obvious to the victim if they logged into their account from an uninfected computer.

"They wanted to make sure the victim would not find out from their statements. In some cases they deleted transactions completely," said Mr Ben-Itzhak.

Anti-fraud systems are designed to detect unusual money transfers, as well as strange behaviour on customers' accounts.

Money-making schemes

Do a Google search for the company address.
Do a Post Office address look-up for the company address. If none exists, it is a fake.
If the employer asks to use your bank account, drop the offer.

Money mules are increasingly being recruited by cybercriminals as a way of preventing police finding a direct link to them.

"We have spotted money mules being used in the last six months or so," said Mr Ben-Itzhak.

The recession has made it easier to recruit people, he thinks.

"There are more people looking for jobs and if an attractive job offer drops into their inbox, they are going to take it," he said.

The Ukrainian cyber-criminals hired their "mules" by falsely telling them they would be working for a legitimate business.

These "mules" were unaware that they were being sent stolen money, but believed that they were being paid for working from home or other moneymaking schemes.

The money mules in this particular case are being treated as innocent victims and, although they will be questioned, will not face prosecution.
