Swedish bank Nordea was the target of one of the largest
online heists. The bank lost between 7 to 8 million Swedish kronor (a
little over $1.1 million USD) in a phishing scam that had been taking place
over the last 15 months, according
to ZDNET UK.
Officials say the "bank robbers" used phishing emails to lure bank
customers into opening emails with attachments entitled "raking.zip"
or "raking.exe." The attachments were disguised as anti-spam
software, but contained a Trojan which security companies called
Close to 250 Nordea customers were taken by the fraud. It was also said
that attacked customers did not have anti-virus software on their
computers. Security officials claim Russian organized criminals are
responsible for the heist, with no less than 121 people suspected to be
involved. Even more damning, Swedish police traced computer servers first
in the U.S. and then to Russia.
"Haxdoor.ki" is typically know to install keyloggers to record
keystrokes, then hides itself using a rootkit. When users attempted to
activate their Nordea accounts online, the Trojan automatically responded by
bringing the customer to a fake bank homepage.
When the customers entered their personal information, including bank numbers
and passwords, the website would load to an error page claiming that the site
was having technical difficulties. The criminals then used the gathered
information on the real bank page and withdrew funds from customer accounts.
Nordea claimed it knew that a few of the transactions had been false due to the
unusual activity under the accounts, but a majority of the transactions had
been small withdrawal amounts, therefore making it difficult to identify real
transactions from the fraudulent ones. Nordea spokesman Boo Ehlin claimed
that most of the fraudulent cases were small amounts that the company thought
Currently, a police investigation is underway and the bank is reviewing its
quote: Security officials claim Russian organized criminals are responsible for the heist,