Cracking from Russia
Thursday, 25 January 2007

  Dire straits for Swedish subjects’ online affairs.

Last week a $1 million online banking theft against the Scandinavian bank Nordea was discovered. The attack was traced to a Russian cracker known by the handle “the Corpse.” Both the attacker’s identity and the nature of the virus are still under investigation; we only know that the virus is a Trojan horse which works by logging the passwords entered by banking customers.

 The Trojan seems to be a variant of the Haxdoor Trojan that already infected over 2300 computers last October.

This version of the Haxdoor Trojan was activated when a customer typed the bank’s address into a browser. Passwords were then recorded and used to gain access to online banking accounts. Later, money was transferred to new accounts and the cash was finally withdrawn.

 

According to the Washington Post, The Corpse is likely to be the author of the original version of Haxdoor and of many new versions, such as A311 Death and Nuclear Grabber, that are now available for sale on a Russian web site. As confirmed by virus researchers at Kaspersky Labs in Moscow, The Corpse is known as a virus developer who usually sells his “products” to crackers. This means that he may not be directly involved in the fraud against the Swedish bank.

  

The fraud hit 250 Nordea customers over 15 months, but the bank’s spokesmen declared that only users who had not properly protected their computers were affected by the swindle. In any case, the bank compensated its customers.

  

According to Swedish police, the Trojan horse was distributed via spam e-mail and was designed to attack customers of many European and American banks. Police also declared that they have already arrested a number of people (both from Sweden and from abroad) who tried to withdraw cash from Nordea branches after making online transfers.

 

During police interrogations it was also discovered that some of the money was sent to Russia, and that the stolen passwords were first transmitted to a server located in the USA and then forwarded to a server in Russia.

 

This case again highlights the situation of the Russian underground community, which is backed by a strong tradition of and interest in computer science but is not accompanied by effective regulation: a combination that has encouraged the development of a structured and skilled community of cyber pirates.


Comments Index (Total Messages: 1)
another day in earth Written by Guest on 2007-01-26 01:39:09
