A concerted effort to defraud people in the United Kingdom using internet means have become successful during the first week of July and the perpetrators have gone away unscathed with a little bit over a whopping one million dollars or six hundred seventy five pounds. The United Kingdom online banking system has been under scam attacks in recent years but this recent one has been the most successful so far. The target was a specific Great Britain bank, name undisclosed and it reports trickling in have shown that at the very least three thousand of the bank’s online customers, or thereabouts, have had their banking information compromised through the use of the Zeus Trojan virus. The source of the online scam was traced to a tiny Eastern European country.
The online starts out if an individual visits a valid website that has unknowingly been hosting the Zeus Trojan malware. Or it can be a simple legitimate online advertisement infected with the same malware, in fact Yahoo’s Yieldmanager.com was one of the carriers of the said adverts. Now, the individual will be redirected to an exploit kit, and the ones discovered were the Phoenix Exploit Toolkit and the Eleonore Exploit Toolkit, and these two items unloads the Trojan on the person’s computer. The exploit toolkit runs a test on any of the following softwares: Internet Explorer, Java, or the Adobe Reader and checks which it can infect.
And when the individual begins to open his online banking account, his pertinent information which includes his password, log-in identification, security number, birthday, and other important identifying personal details are automatically transferred to the command and control network setup in Eastern Europe.
Now the controlling scam group immediately determines the amount of cash it can automatically withdraw, not too much to trigger a fraud alert that most banks have, transfers it to innocent bank accounts termed as money mules and funnels the accumulated money to their own surreptitious bank accounts scattered in different countries. Strangely, the banking institution initially offered free security softwares to its subscribers but were either turned down by the victims or the software just did not work at all.
There was a similar attempt was made on the United States shores on fifteen banks associated with the Verified software by Visa and Mastercard Securecode credit cards. It was also determined that very few antivirus softwares could have tracked and stopped the Zeus Trojan virus making it virtually undetectable and successful in its conquest of compromised computers. In the meantime, the advice is to use sandboxed virtual browsers which isolate the browsing process making it totally free from external capture. Just goes to show, no amount of security is really that secure.
Comments on this entry are closed.