A criminal group has with an attack on bank customers at least 36 million euro captured. They used malware that tan-codes are intercepted. The attackers, possibly from the Ukraine, lwa ne come, in time, Dutch internetbankierders.
The botnet that was used to attack computers was discovered by security company Versafe and was in collaboration with Check Point is largely taken offline. “We have all the domain names which we know that the malware contact with sought, taken offline,” says Tomer Teller from Check Point. Or the botnet could be resurrected, according to Counter is not to exclude, but there will simply be the necessary effort for them to do: they will then all victims should be re-infect because the domain names of the command-and-control servers from the air are removed.
In total, the malware Zeus-based attack, by the security companies Eurograbber called, 36 million euro captured. Were bank customers in Italy, Germany, Spain and the Netherlands are the dupe. The damage in the Netherlands is the smallest: the attackers took $ 1.2 million of loot. In Italy it went to 16.4 million euro and in Germany was 12.7 million euro ontfutseld. In total, 30.000 internetbankierders affected, of which 940 in the Netherlands. Victims lost amounts between 500 and 250,000 euros; on average it was about 1200 euro per person.
The malware was able to be the system of tan-codes to work. In the Netherlands ING tan-codes, in full transaction authentication number, to make transactions more secure: at the transfer of money a user gets a tan code via sms sent to which he must enter to confirm the transaction. Incidentally, the tan-codes, if desired, on a paper list to be sent to you. It is unknown which banks in the Netherlands are affected; or ING is affected, is not clear.
Eurograbber excluded the tan-authentication system by the user malware to install on the phone of the user. When logging on to the bankensite caused the malware to ensure that there is a notice displayed that it wanted to ‘security software’ to install; in fact intercepted that software the tan-codes and sent them through, so that the attackers money from the account could steal with the valid tan code. The mobile malware was available for Android and BlackBerry OS.
