Trojans, Mules, Mean Big Payoff

Friday, September 16, 2011 @ 01:09 PM gHale


A Russian in his early 20s is the leader of a cyber gang using banking Trojans and money mules to earn themselves millions of dollars in a very short period of time.

While this isn’t about a manufacturing automation cyber incident, this case could prove to be a warning of the potential problems facing manufacturers in the near future.

RELATED STORIES
More Linux Attacks
Compromised Sites Distributing Trojan
A Trojan Distribution Network
ZeuS Spin Off Hits Cyber Street

This group has been under surveillance for a while by Trend Micro researchers, who said “Soldier” — as the cyber gang leader is known in the criminal underground – has stolen over $3.2 millions in 6 months, starting in January 2011.

To that effect, this gang uses a variety of malware: the SpyEye and ZeuS Trojans for stealing online banking and other credentials, and a number of exploit kits to install them on target computers.

The majority of the infected computers are in the U.S., as are the money mules recruited by an accomplice believed to reside in Hollywood.

Researchers analyzed the IP addresses recorded by one of his SpyEye botnet’s C&C centers and have come to the conclusion that computers from various organizations and businesses suffered from a compromise, including those belonging to the U.S. Government and military, educational and research institutions, airports, banks and other companies in a variety of economical sectors.

Researchers feel all these organizations weren’t the main target of this gang. They were after easy money they could get by stealing online banking credentials and accessing the victims’ accounts, or by selling other stolen login credentials such as those for social networks, emails, PayPal and similar.

“Compromise on such a mass scale is not that unusual for criminals using toolkits like SpyEye, but the amounts stolen and the number of large organizations potentially impacted is cause for serious concern,” said the researchers, who are currently in the process of informing the owners of the enslaved machines about their findings.



Leave a Reply

You must be logged in to post a comment.