:: iklaneka ::

Friday, October 2, 2009

Cybercriminals use Trojans and money mules to loot online bank accounts

Finjan unveiled new research which uncovered new techniques used by cybercriminals to rob online bank accounts.

The techniques described in this report look like the start of a new trend that is expected to grow. They add functionality aimed at minimizing detection by the traditional anti-fraud technologies in use at banks.

Research shows how a cybergang used a combination of Trojans and money mules to rake in hundreds of thousands of Euros and to minimize detection by the anti-fraud systems used by banks.

The cybercriminals used compromised legitimate websites as well as fake websites, utilizing the crimeware toolkit LuckySploit to infect visitors. After infection, a bank Trojan was installed on the victims’ machines and started communicating with its Command & Control (C&C) server for instructions.

These instructions included the amount to be stolen from specific bank accounts and the money mule accounts to which the stolen money should be transferred. Furthermore, the Trojan forged onscreen bank statements, concealing the true transaction amount to dupe both the account holders and their banks.

The cybercrime intelligence report covers the following:
  • Cybercriminals use sophisticated crimeware tools to steal money online and avoid detection
  • They use compromised legitimate websites as well as fake ones to infect visitors with their crime toolkit
  • Once infected, the Trojan gets instructions from its Command & Control center to rob bank accounts
  • Instructions include criteria for the amount that should be stolen from an individual account
  • This method works as a highly effective “anti anti-fraud” tool, built to evade the banks' fraud-detection systems
  • Once the money is stolen, the Trojan creates a forged bank statement to hide the theft
  • The stolen money is transferred to a money mule account and then forwarded to the cybercrooks to prevent any direct money trail
  • The cybergang was able to steal Euro 300,000 in 22 days.

“Cybercriminals continue to follow the money, with bank accounts steadily remaining a favourite among their targets. To avoid detection, cybercriminals continue to improve their methodologies for stealing money and going under the radar from the victims and banks alike. With the combination of using sophisticated Trojans for the theft and money mules to transfer stolen money to their accounts, they minimize their chances of being detected,” said Yuval Ben-Itzhak, CTO of Finjan.

Money mule accounts are legitimate bank accounts owned by legitimate bank users. Cybercriminals recruit ‘mules’ by falsely telling them they are working for a legitimate business. These account owners, or “mules”, are normally unaware that they are “muling” stolen money; they believe they are being paid for “working from home” or some other moneymaking scheme.

To avoid triggering the banks' anti-fraud systems, each money mule account is used only a limited number of times within a given timeframe. Since banks monitor large transfers, the amount deposited into a mule account is predefined so that it stays under the radar.
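The pattern described above (repeated sub-threshold deposits into an account, each forwarded on shortly after arrival) is something a bank's own monitoring can look for. The heuristic below is an added example written for this post, not code from the Finjan report; the threshold, band, window and forwarding delay are assumed values, and the transaction log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample transaction log (not from the report). Each row is
# (timestamp, account, direction, counterparty, amount_eur).
TXNS = [
    ("2009-09-01 09:10", "DE-MULE-1", "in",  "VICTIM-A",   2900.0),
    ("2009-09-01 14:05", "DE-MULE-1", "out", "EXT-PAYOUT", 2600.0),
    ("2009-09-03 10:20", "DE-MULE-1", "in",  "VICTIM-B",   2950.0),
    ("2009-09-03 16:30", "DE-MULE-1", "out", "EXT-PAYOUT", 2650.0),
    ("2009-09-06 11:00", "DE-MULE-1", "in",  "VICTIM-C",   2850.0),
    ("2009-09-06 18:45", "DE-MULE-1", "out", "EXT-PAYOUT", 2550.0),
    ("2009-09-01 12:00", "DE-SHOP-7", "in",  "CUST-1",     2900.0),
    ("2009-09-15 12:00", "DE-SHOP-7", "in",  "CUST-2",      120.0),
    ("2009-09-02 08:00", "DE-SALARY", "in",  "EMPLOYER",   3500.0),
]

def score_mule_accounts(txns, threshold=3000.0, band=0.10, window_days=30,
                        min_hits=3, forward_hours=48):
    """Return {account: forwarded_fraction} for accounts that receive at least
    min_hits inbound transfers just under `threshold` (within `band` of it) from
    distinct senders inside `window_days`. The score is the share of those
    deposits that left the account again within `forward_hours`.
    All numeric parameters are assumed, illustrative values."""
    by_acct = defaultdict(list)
    for ts, acct, direction, cp, amt in txns:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        by_acct[acct].append((when, direction, cp, amt))
    flagged = {}
    for acct, rows in by_acct.items():
        rows.sort()
        # deposits sized to sit just below the monitoring threshold
        inbound = [r for r in rows
                   if r[1] == "in" and threshold * (1 - band) <= r[3] < threshold]
        if len(inbound) < min_hits:
            continue
        senders = {r[2] for r in inbound}
        span = inbound[-1][0] - inbound[0][0]
        if len(senders) < min_hits or span > timedelta(days=window_days):
            continue
        # how many of those deposits were forwarded out again soon after
        outs = [r for r in rows if r[1] == "out"]
        forwarded = sum(
            1 for i in inbound
            if any(0 <= (o[0] - i[0]).total_seconds() <= forward_hours * 3600
                   for o in outs))
        flagged[acct] = round(forwarded / len(inbound), 2)
    return flagged
```

A real deployment would tune the parameters to the bank's own reporting limits and feed flagged accounts into manual review rather than blocking them outright.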

The report shows in detail how this cybergang worked and provides recommendations on how individuals and banks can protect themselves.

A closer look at Microsoft Security Essentials

Microsoft has released a free (for personal use) anti-malware product that protects against viruses, spyware and other malicious software. Security Essentials is designed to run quietly in the background, alerting users only when there is an action for them to take.

It uses real-time protection to help prevent PCs from becoming infected, and takes advantage of the company’s Dynamic Signature Service. It runs on Windows XP, Windows Vista, and Windows 7 (both 32-bit and 64-bit versions).

To use this software, you have to pass a "piracy check" - that is, the scan that makes sure you have a genuine, licensed copy of the Windows OS. During the installation process, you are also advised to remove other antivirus or anti-malware programs because they may conflict with Security Essentials.

Upon running the program, it is automatically updated with all the latest virus and spyware definitions. Then you are ready to start the scan:

Scan results and the removal process:

Except maybe for the first time, I wouldn't recommend the full scan, since it takes quite a long time (around 30 minutes on my disk).

The Settings menu allows you to define a schedule for scans and lets you choose the default actions to execute when a potential threat is detected:

You can also turn on the real-time protection option that lets you know when malware is trying to install itself on your computer:

For scans, or in general, you can also define a list of files, file types or processes that should be excluded from the check.

Advanced options include:

All in all, Microsoft Security Essentials is a program that offers an array of options that you can find in most anti-malware software. It's very user friendly, but a little on the slow side.

Drafting a bulletin layout - AI or CD?

Adobe Illustrator (AI) or Corel Draw XX (CD)? That was the question that came to my mind when I first got involved in the desktop publishing arena (just to get my daily tasks done, not as a daily routine or a hobby). I got to know desktop publishing when I was in Form 4 at secondary school. I was just playing around with AI. That playing around is what made me increasingly serious about trial & error with the software. Eventually I managed to produce a business card that was simple but attractive. That's what a fellow comrade of mine said at the time. From that day on I became bolder with trial & error, because this activity involved no risk or burden. Eventually I managed to produce a small bulletin for the school's Discipline Board at the time, but its existence was never officially launched. So the project was abandoned.

When I was in college, I got used to using other desktop publishing software such as Publisher and so on. Alhamdulillah, I managed to master it in just a day because I was already used to AI. AI is more advanced than Publisher. I managed to produce a 4-page bulletin for the study association at college. I managed to get out 3 issues of that bulletin. Alhamdulillah. The response was very encouraging. :-)

That was back then, when I first got involved in this arena. Now I prefer to use Corel Draw X3 because the software is lighter and less chaotic compared to AI. AI looks cluttered and heavy. You need a lot of RAM. That's why I'm reluctant to use AI. On top of that, there are many effects I have to do manually. CD is easy. Just drag & drop.

OK, now I'm going to draft the office bulletin for the first-week-of-October 2009 issue. Of course I'll be using Corel Draw X3! :-)

Copyright PANDUANOSS 2009-2012. For any enquiries, please email: mamn85@gmail.com