backtop


Print 14 comment(s) - last by malware.. on Jan 24 at 9:02 PM

Walking into a bank with a ski mask is old fashioned

Swedish bank Nordea was the target of one of the largest online heists.  The bank lost between 7 to 8 million Swedish kronor (a little over $1.1 million USD) in a phishing scam that had been taking place over the last 15 months, according to ZDNET UK.

Officials say the "bank robbers" used phishing emails to lure bank customers into opening emails with attachments entitled "raking.zip" or "raking.exe."  The attachments were disguised as anti-spam software, but contained a Trojan which security companies called "haxdoor.ki."

Close to 250 Nordea customers were taken by the fraud.  It was also said that attacked customers did not have anti-virus software on their computers.  Security officials claim Russian organized criminals are responsible for the heist, with no less than 121 people suspected to be involved.  Even more damning, Swedish police traced computer servers first in the U.S. and then to Russia.

"Haxdoor.ki" is typically know to install keyloggers to record keystrokes, then hides itself using a rootkit.  When users attempted to activate their Nordea accounts online, the Trojan automatically responded by bringing the customer to a fake bank homepage. 

When the customers entered their personal information, including bank numbers and passwords, the website would load to an error page claiming that the site was having technical difficulties.  The criminals then used the gathered information on the real bank page and withdrew funds from customer accounts.

Nordea claimed it knew that a few of the transactions had been false due to the unusual activity under the accounts, but a majority of the transactions had been small withdrawal amounts, therefore making it difficult to identify real transactions from the fraudulent ones.  Nordea spokesman Boo Ehlin claimed that most of the fraudulent cases were small amounts that the company thought were ordinary.

Currently, a police investigation is underway and the bank is reviewing its security procedures.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

By malware on 1/24/2007 9:02:57 PM , Rating: 2
The nordea rootkit derived attack could not have been stopped by any security software, This is Microsoft's official technical bulletin on rootkits; http://www.microsoft.com/technet/sysinternals/util...
in particular this paragraph;

Is there a sure-fire way to know of a rootkit's presence
In general, not from within a running system. A kernel-mode rootkit can control any aspect of a system's behavior so information returned by any API, including the raw reads of Registry hive and file system data performed by RootkitRevealer, can be compromised. While comparing an on-line scan of a system and an off-line scan from a secure environment such as a boot into an CD-based operating system installation is more reliable,{ otherwise known as whitelisting} rootkits can target such tools to evade detection by even them. The bottom line is that there will never be a universal rootkit scanner, but the most powerful scanners will be on-line/off-line comparison scanners that integrate with antivirus.

In short, Microsoft is telling the world, Windows can never be secured from rootkit attacks. And yet the token vendors, and security software vendors, continue to spout garbage about the subject, and charge squillions of dollars for solutions that do not work against new rootkit attacks, thewy can only address "known threats"......what a joke, albeit an expensive one at that, guess the terrorists of the world will continue to have free funding for a long while yet.




"There's no chance that the iPhone is going to get any significant market share. No chance." -- Microsoft CEO Steve Ballmer











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki