The Register® — Biting the hand that feeds IT

Feeds

Finnish police close case on phishing Trojan gang

Baltic sprats

By John Leyden, 10th May 2011
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Updated Finnish police closed on investigation on Tuesday after arresting 17 people suspected of involvement in a banking Trojan scam used to siphon off hundreds of thousands of euros held in accounts with Nordea Bank.

The alleged perpetrators, from Estonia and Finland, attempted to steal €1.2m through a series of over 100 false transactions starting early last year. Almost €178,000 remains missing, according to local reports.

Two of the suspects allegedly used malware to compromise the online banking accounts of 89 banking customers before compromised banking accounts were looted by local phishing fraud accomplices prior to the illicit transfer of funds to the masterminds behind the scheme, in Estonia.

"The Nordea attacks happened in early 2010," said Mikko Hypponen, chief research officer of F-Secure. "Police have finished the investigation now. We are not aware of similar attacks at the moment."

The Nordea Finland case related to the use of the Papras / Gozi strain of Trojan malware, according to Hyponnen, who said the investigation in the case started at the end of 2009 and officially closed on Tuesday. Of the 17 suspects in the case the majority (alleged phishing mules) have been released on bail. The two suspected masterminds in the case (both Estonian nationals) have been held on remand pending a trial, the date of which is yet to be set. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (4)
Latest Comments
Anonymous Coward
Anonymous Coward

Pretty impressive

The bank uses an 8-digit PIN plus one time pad to login. Transfers have to be confirmed using a separate mechanism. It appears to be a pretty solid mechanism.

The details of the trojan would be interesting. It appears users neglected to check that SSL encryption was in place.

0
0
Anonymous Coward

Misspelled

First the name is Mikko Hypponen, then Hyponnen.

Both are a bit wrong, as the name really is Mikko Hyppönen. But as computers, and americans can't handle ¨, Hypponen might be acceptable version.

0
0
Anonymous John

Phinnish police close in on phishing Trojan gang

Phixed it for you.

0
0

More from The Register

breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39
Internet fraud still stings suckers
Australians twice as gullible as Americans
35