Automatic bank robbers making a killing

The days of masked robbers walking into a bank with a sawn off shotgun have gone the way of the Highwayman.

According to Reuters, a new wave of automated hacking of online bank accounts has lifted $78 million in the past year from customers in Europe, Latin America and the United States.

Insecurity experts working for McAfee and Guardian Analytics said that the weapon of choice is no longer a shooter but one of two families of existing malicious software, Zeus and SpyEye.

Previous versions of the software automate the transfer of funds to money mule accounts controlled by mates.

Guardian’s Vice President Craig Priess, whose firm specialises in protecting banks said that it is starting to look as if this is the beginning of a new robbery technique.

The software is sophisticated enough to defeat “chip and PIN” and other two-factor authentication. It also does not transferring the entire contents of an account at one time, which can trigger an alarm.

Automated versions have been used in Germany, the United Kingdom and Italy.

McAfee claims that the technology has been used by a dozen gangs against consumers and business clients of financial institutions in those countries and Colombia, the Netherlands, and the United States.

Dave Marcus, research director at Mcafee Labs said whoever was adapting the viruses had insider knowledge as to what the banks are looking for.

SpyEye and Zeus sare installed on computers that visit malicious websites or legitimate pages that have been compromised by hackers, as well as through tainted links in emails.

Some variants have even managed to captured one-time passwords, such as those sent from the banks by text messages. The only reason that they are not always used is because the bank robber has to be online at the time.

Another factor which prevents the bank robbers cleaning up completely is that they still need legitimate accounts to funnel the money too. Money mules are hard to come by particularly as they are more likely to be caught.