Hackers steal money from UK bank accounts

Cyber criminals are targeting people in the UK with two new sophisticated attacks to commit financial fraud.

According to security companies, the criminals are using the Zeus Trojan to infect PCs; once a PC is infected, it is used and controlled in an increasingly sophisticated way by the criminals as part of a botnet. Anything the user sees or types into their browser is captured by this technology.

The attacks are already having a serious impact. One uncovered by US security company M86 on 1 July specifically targets one UK bank. The company said it can't name the financial institution but already more than £675,000 has been siphoned off from more than 3,000 personal accounts.

The other attack reported by Trusteer at the beginning of August is more general. But it has already compromised more than 100,000 computers; of which 98 per cent are in the UK.

The criminals are generally using drive-by-downloads to infect PCs. Malicious code embedded into often legitimate sites finds vulnerabilities on a PC, which is then used to download malware.

The attack uncovered by M86 and called Zeus v3 botnet is particularly sophisticated, according to Bradley Anstis, vice-president of technical strategy for the security firm. The malware is hidden in adverts on legitimate websites and Zeus is being used to target one bank.

“This is a very worrying attack and very clever. The criminals are using what we call a 'man-in-the-browser' attack. Once they have infected a PC, the malware sits there watching and recording what a person does.

"The criminals are not only stealing people’s bank account details and passwords to break into an account but can also intercept and change online transactions between the bank and the account holder without the victim knowing.

"For example, if you want to pay £500 to your landlord, when you go to your online bank account the malware intercepts this transaction before the bank receives it and changes it to say £5,000 and directs it to a different account.

"The victim doesn't see this change. If a bank queries the amount, the criminals intercept the message, change the figure that the victim sees back to £500 but not the amount the bank sees. So the victim approves the transaction," he said.

Anstis also warned that two-factor authentication used for online banking, such as using card readers, will not stop this fraud.

Amichai Shulman, chief technology officer for security company Imperva, warned that the attack called Zeus v2 botnet uncovered by Trusteer could have more devious motives.

“It is not only harvesting bank and log on information, but also picking up all kinds of data which is being sent to a server in Eastern Europe and we believe this is being looked at to see if there is anything else that the criminals could use,” he said.

Computeractive has been told that no reports of financial losses have been reported through this attack yet, but when we talked to fraud prevention service Cifas, we were told it was probably only a matter of time.

“It is really too early for us to have heard anything. But we expect by the end of the year we will learn there have been victims,” a Cifas representative said.

The Metropolitan Police E-crime Unit told Computeractive it is aware of the attacks and is investigating along with other law-enforcement agencies.