Kaspersky Lab has found proof of a targeted attack against the clients of a large European bank which has netted the robbers half a million euro in a week.
The campaign started on 20 January this year when a command and control server was detected on the net. The server’s control panel indicated evidence of a Trojan program used to steal money from clients’ bank accounts.
More than 190 victims could be identified, most of them located in Italy and Turkey. The sums stolen from each bank account, according to the logs, ranged from 1,700 to 39,000 euro.
Two days after Kaspersky Lab discovered the C&C server, the criminals removed every shred of evidence that might be used to trace them.
Vicente Diaz, Principal Security Researcher at Kaspersky Lab, said that the bank and the coppers had been notified.
It is believed that key financial data was intercepted automatically and fraudulent transactions were carried out as soon as the victim logged onto their online bank accounts.
It is not clear what malware was used in this campaign. However, many existing Zeus variants could do it.
The stolen money was passed on to the crooks’ accounts, and participants in the scam received some of the stolen money in specially created bank accounts and cashed out via ATMs.
It is expected that the scam will re-appear somewhere else in the future.