Tuesday, September 28, 2010

$10 Million Stolen in 3 Months by an e-Crime Gang in London

The London Metropolitan Police Central e-Crime Unit arrested 15 men and women who stole nearly $10 million from online bank accounts in only 3 months. The gang infected the personal computers of unsuspecting Internet users with a mass-market crimeware trojan named "Zeus" and transferred the money out of their victims' online banking accounts.

Police representatives said the total amount of money stolen will likely climb as the investigation proceeds.

The Zeus trojan is a very effective piece of "crimeware," software designed to conduct online crimes, that can be purchased for $300 on black market websites. Willing criminals do not have to be computer experts to operate a Zeus network. The authors of the Zeus trojan have automated most of the details of the crimeware's operation, and even offer guarantees that it will not be detected by antivirus programs.

The Zeus trojan comes with a "Command and Control" server that collects stolen data and can be configured to control hundreds of thousands of infected PCs, issuing instructions on how and where to transfer funds automatically out of online bank accounts.

The Zeus trojan is a top money-earner for online criminals worldwide. We use Zeus in our tests of SafeCentral WebProtection and verify that SafeCentral blocks the trojan's data-stealing features. Below is a screenshot from a control test of the Zeus trojan, showing keystrokes being collected out of a Bank of America online banking session when SafeCentral is not being used.

Stolen Data Report from a Zeus Trojan Server

No comments: