- Security vendor M86 Security says it's discovered that a U.K.-based bank has suffered almost $900,000 (675,000 Euros) in fraudulent bank-funds transfers due to the ZeuS Trojan malware that has been targeting the institution.
Bradley Anstis, vice president of technology strategy at M86 Security, said the security firm uncovered the situation in late July while tracking how one ZeuS botnet had been specifically going after the U.K.-based bank and its customers. The botnet included a few hundred thousand PCs and even about 3,000 Apple Macs, and managed to steal funds from about 3,000 customer accounts through unauthorized transfers equivalent to roughly $892,755.
Anstis declined to name the bank. He said the botnet used in the attack is based on version 3.0 of the ZeuS malware and appears to be controlled from Eastern Europe, with a server hosted in Moldava.
From the investigation into the botnet's server operations, M86 Security has found the criminals controlling the botnet waited until accounts reached at least 800 Euros before initiating a fraudulent funds transfer from the victim's compromised machine to a number of other accounts used by money mules who would forward the funds on to Eastern Europe.
Anstis says the victimized bank was offering "free security software" to customers but it wasn't clear if this software, which M86 declined to name, was in use when the fraudulent transfers were made. Anstis says the process of notifying the bank to let it know what M86 Security has discovered about the botnet was a somewhat frustrating experience.
"It took us a week and a half of running around," says Anstis, trying to get the attention of the security department there when M86 Security was not a known entity to them. M86 Security says it is publishing a report today about its findings.
It has been known for over a month that Trojan writers, by means of a ZeuS-based botnet, have been targeting U.K.-based banks and the Trusteer security software Rapport, which is used by U.K.-based HSBC, among others. Anstis declined to confirm or deny that HSBC was the bank in question.
Read more about wide area network in Network World's Wide Area Network section.