Malware gang steal over £700K from one British bank

A banking Trojan attack has led to the fraudulent withdrawal of more than $1m from online banking accounts maintained with a UK bank since the start of July, according to security researchers. Web-based malware based on the infamous Zeus cybercrime toolkit is being used to steal money via the unnamed bank's online banking …


This topic is closed for new posts.
  1. irish donkey

    reportedly only targeting victims who had a substantial balance

    that's me safe then.

  2. PsychicMonkey

    i'm not being funny but...

    is £800 really a substantial amount?

    Surely most people have at least that much in their account at least once a month?

    beer, cause if I give my money to the pub the bastards can't nick it.

  3. Anonymous Coward

    Since when was £800 in your account "substantial"?!

    Surely everyone has this kind of money after they get paid?

    1. Chemist

      Re : Since when was £800 in your account "sub

      Too many people I fear only have a substantial amount after being paid for a microsecond and then their overdraft gets deducted !

    2. The BigYin

      In it? Probably.

      Someone on average wage and with various outgoings would probably not have £800+ in their account for very long.

    3. basa48

      £800 ???

      I have £several thousand overdraft. I'm NEVER in the black, so I'm well safe!!!

      I wish they'd hack me and SEND some money - please!!!

      1. LinkOfHyrule


        Hehe, yeah a banking trojan that robs the rich to give to the poor! Only downside is that it checks your geolocation and only works if you live in Nottingham!

        I bet someone now replies saying "well actually, Robin Hood was from Yorkshire"!

    4. Field Marshal Von Krakenfart

      £800 in your account is "substantial"

      Since most banks adopt a daily limit on the amount of cash that can be withdrawn from an ATM in one day, usually 700, they want accounts where they can withdraw the maximum amount. No point in letting somebody know their account details have been compromised for just 20 quid, is there?

  4. The BigYin

    Which bank?

    I think this is pertinent information.

  5. Guido Esperanto

    surely that IS the point.

    Most people working will have £800 in their account at least one day in a month.

    Then that presents a far greater target to hit. If you increase the amount to something actually representing "substantial", say £20k+ then you limit your attack base.

    simple (if immoral) economics.

  6. basa48

    £800 ??

    I have £several thousand overdraft, I'm NEVER in the black. So I'm well safe!!!

    I wish they'd hack me and SEND some money!!

  7. Mark Allen

    Any bank

    I saw this in the wild last month. The AV and anti-spyware on my client's PC failed to spot the Trojan. (I had to delete by hand using an Ubuntu boot disk)

    On my client's PC, when they accessed their bank account, the virus was sitting as a proxy on the PC swapping the pages that would appear on the screen. The initial bank "front page" looked normal, and asked for the account number.

    Then the second page which normally asks for "second, fourth and eighth" characters of the password was swapped for a VERY convincing looking fake page which asked for ALL of the password to be entered.

    I am glad I scare my clients into paranoia as this client spotted the change of procedure at that stage. Even though the quality branded AV and anti-spyware programs could not spot it.

    Most people will just assume that the Bank has changed its login system and carry on regardless. So this does not surprise me that it has landed so much cash for the scammers.

    (Though I do wonder why the bank did not spot the patterns of cash transfers earlier?)

    I am not naming the bank as there is no point. This is a scam that is probably running on many banks at the same time as it is such a clean looking con.

  8. Paul Smith


    "the cyber criminals have successfully stolen £675,000 ($1,077,000)" and how exactly would the amount be known by anyone other than the criminals?

    Does the bank in question know it is being scammed and not care? Perhaps it thinks it is cheaper to ignore than acknowledge? Either way, I am sure they wouldn't publish the figure.

    Or does this 'security consultancy' have the means to monitor the exact amounts being transferred? So why didn't they stop them? Perhaps they were waiting for it to pass the Million Dollar mark to make it interesting 'news', or perhaps they are touting this around to sell their services. "Pay us X amount and we will tell you if you are the victim of this scam." Now there is an idea I could sell on Dragon's Den.

    1. Robert Forsyth

      My guess

      $1M converted to £ then back again on different days

  9. j33zO


    "Researchers at the M86's Security Labs came across the attack after discovering the botnet's command & control centre" - so the bank didn't detect it themselves??

  10. Vic

    I've seen quite a bit of this

    I've seen this several times over the past week - the major AV suites all seem to miss the infection (although the Microsoft MSRT catches it). The giveaway symptom is that you cannot get to Windows Updates. Running Wireshark on the cable shows that neither IE nor Firefox even do a DNS lookup. I haven't tried other browsers, but I expect them to be the same.

    The other thing that Wireshark shows is the retrieval of target URLs from a machine in Eastern Europe. The PC then goes on to do the bidding of its bot master. Mostly click fraud, but passwords are also being stolen, and all search traffic seems to be echoed to a snooping server.

    One of my customers uses online banking. I told him he had this infection, and that he should change all his passwords as a matter of urgency. He phoned the bank, just as I said he should. They replied that he could change his credentials himself on another computer. Nice to see the banks taking security so seriously - I mean, what harm can compromised credentials do?


    1. Chemist

      Re : I've seen quite a bit of this

      People use WINDOWS for internet banking ????

  11. Anonymous Coward

    solution to online scams

    Run Lubuntu from a USB device ...

  12. Chemist

    Re : Security

    Apart from the obvious - long & complex passwords e.g zagy166Fts544ftbO4AQ31 ( Yes I don't write them down and yes I have a way to generate them on the fly from easy-to-remember passphrases)

    Anyone care to guess the passphrase ( hint : it's easier that way round)

    But esp. change to another non-admin account that's used just for banking ( hell have as many accounts as accounts)

    Oh !, don't use Windows

    1. yoinkster

      do feel free to depart

      I have no love for windows but seriously man, shut up! I have used windows to do my internet banking since my bank set the service up way back when, I have been through dodgy browsers and running with no AV or firewall and guess what, I have never lost a penny or control of my machine.

      There are some incredibly basic steps that can be taken to provide yourself with total security - don't store passwords in a document on the machine, don't be a donkey and click on links in e-mails from your "bank" and most importantly, as every online bank will tell you, "WE DON'T EVER ASK FOR YOUR WHOLE PASSWORD AND WHOLE PIN, NEVER GIVE IT OUT." ... whether you are running windows or linux, if you are retarded enough to blindly fill out a form then more fool you, you get no sympathy from me for your loss if you cannot follow basic instructions.

      1. Chemist

        "I have never lost a penny or control of my machine."


    2. Anonymous Coward


      is it "I've got way too much time on my hands" ?

    3. No, I will not fix your computer

      OK - I'll give it a go.....

      Is it "I have no friends and snort when I laugh"?

  13. Anonymous Coward

    untraceable wire transfers

    Untraceable wire transfers.... Wouldn't that be the first thing to fix? For being an industry with 7 digit bonuses it seems a poor show that money can disappear through untraceable transactions.

    Aren't we sending all our SWIFT international transactions to the US so that they can fight terrorists? How is that supposed to work exactly if the transactions of a botnet are untraceable????
