Original URL: http://www.theregister.co.uk/2010/08/10/zeus_uk_bank_ripoff/

Malware gang steal over £700K from one British bank

Cybercrooks scoop cash from thousands of accounts

By John Leyden

Posted in Security, 10th August 2010 11:02 GMT

A banking Trojan attack has led to the fraudulent withdrawal of more than $1m from online banking accounts maintained with a UK bank since the start of July, according to security researchers.

Web-based malware based on the infamous Zeus cybercrime toolkit is being used to steal money via the unnamed bank's online banking system. Researchers at the M86's Security Labs came across the attack after discovering the botnet's command & control centre, which is hosted in Moldova.

Victims were infected by a Zeus banking Trojan variant while browsing the net. The Trojan swiped the customer's online banking ID and hijacked their online banking sessions, reportedly only targeting victims who had substantial balances.

"It [the malware] checks the account balance and, if the account balance is bigger than £800 value, it issues a money transfer transaction," M86 reports.

Most such attacks include the use of phishing middlemen to obtain funds from compromised accounts and transfer them by untraceable wire transfer to the Eastern European masterminds behind the scam.

From 5 July, the cyber criminals have successfully stolen £675,000 ($1,077,000) and the attack is "still progressing", according to M86.

Early explanations of the attack leave a number of questions unanswered, such as the name of the bank targeted, the apparent use of a technique that dispenses with the use of phishing middlemen, and what steps have been taken to shut down the attack.

We've scheduled an interview with the US-based M86 researchers who discovered the attack for later on Tuesday, and will update this story when we hear more. ®