Wednesday, August 11, 2010

"Most dangerous trojan virus ever"

By Donald Sensing

That's what British cyber-security experts are calling a piece of malware that has cleaned hundreds of thousands of pounds sterling from British bank accounts.

About 3,000 online banking customers have been victims of a computer virus attack that empties their accounts while showing them fake statements so the scam goes undetected.
Experts have described the attack using a 'trojan' virus as the most sophisticated and dangerous malware program ever created.

The cyber criminals stole an estimated £675,000 between July 5 and August 4 and the attack is still progressing, experts warn.

The latest virus is a variant of the Zeus trojan banking virus which first emerged three years ago and is called Zeus v3.

M86 Security said: ‘We’ve never seen such a sophisticated and dangerous threat. Always check your balance and have a good idea of what it is.’

The scam was discovered after M86 gained access to the command-and-control server in Eastern Europe running the thefts.

It collects data such as passwords and even transfers money out of accounts automatically, but only after checking if there is at least £800 available.
This is malware that resides on personal computers, not on the banks' mainframes. So sophisticated is the virus that it even creates false electronic bank statements to conceal the thefts.

So where is the money going? From security firm M86's discovery that the C2 server is in Eastern Europe, it seems obvious that the transfers wind up in a former Soviet-bloc state, probably in the hands of the Russian mafia or a similar Eastern European gang.

But the thought chills at one possibility of the money's eventual destination. Al Qaeda, which is re-recruiting US-backed Sunni tribesmen called the Sons of Iraq:
Al-Qaida is attempting to make a comeback in Iraq by enticing scores of former Sunni allies to rejoin the terrorist group by paying them more than the monthly salary they currently receive from the government, two key US-backed militia leaders have told the Guardian.

They said al-Qaida leaders were exploiting the imminent departure of US fighting troops to ramp up a membership drive, in an attempt to show that they are still a powerful force in the country after seven years of war. ...

Sheikh Sabah al-Janabi, a leader of the Awakening Council – also known as the Sons of Iraq – based in Hila, 60 miles south of Baghdad, told the Guardian that 100 out of 1,800 rank-and-file members had not collected their salaries for the last two months: a clear sign, he believes, that they are now taking money from their former enemies.

"Al-Qaida has made a big comeback here," he said. "This is my neighbourhood and I know every single person living here. And I know where their allegiances lie now."

The Sons of Iraq grew out of a series of mini-rebellions against militants associated with al-Qaida that started in late 2006.
Is there a connection between the bank thefts and the fact that al Qaeda is so flush with cash? Probably not. But it also may be too coincidental to be a coincidence.