The Untouchables have issued a detailed warning about a Chinese wire-transfer scam that has been operating for a year.
In the scam, an attacker compromises a PC belonging to a user at a company who has access to the company’s online banking account. The compromise is delivered by a poisoned email.
The attacker installs some malware that harvests the user’s online banking credentials, and then waits for the user to attempt to log in to the bank’s site.
However, when the user logs in, the attacker redirects them to a fake site saying that the bank’s site is offline or unavailable.
While the user waits, the attacker logs in to the victim’s bank account and sets up a transfer to a holding company that the attacker controls in China.
Most of the cases the Untouchables have seen involve ordinary bits of malware, such as Zeus. The attackers have transferred cash ranging from $50,000 up to nearly $1 million.
The scammers are quite good at covering their tracks. The transfers were a few days apart and never used again, and different companies were used to receive the transfers.
All the fake companies include the name of a Chinese port city and have the words ‘economic and trade,’ ‘trade,’ and ‘LTD.’ in their official name, the Feds said.
The companies appear to be registered as legitimate businesses and hold bank accounts with the Agricultural Bank of China, the Industrial and Commercial Bank of China, and the Bank of China.
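The indicators described above (the beneficiary name pattern, the three named banks, the reported amount range and one-off receiving companies) can be turned into a screening check for outgoing wires. This is an added example, not code from the FBI warning or the original article; the port-city list, field names, hold policy and sample wires are assumptions constructed for illustration.

```python
import re

# Assumption: sample port cities; the article does not list the ones used.
PORT_CITIES = {"dalian", "ningbo", "qingdao", "shanghai", "tianjin", "xiamen"}
# Beneficiary banks named in the article.
BANKS = {
    "agricultural bank of china",
    "industrial and commercial bank of china",
    "bank of china",
}

def tokens(text):
    """Lower-case, drop punctuation, split into words ('Co., LTD.' -> co, ltd)."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).split()

def indicators(wire, known_payees):
    """Return the names of the article's indicators that this wire matches."""
    name = tokens(wire["beneficiary"])
    hits = []
    # Port city + the word 'trade' + 'LTD' as whole words; 'economic and
    # trade' is covered by the 'trade' token.
    if PORT_CITIES & set(name) and "trade" in name and "ltd" in name:
        hits.append("name_pattern")
    if " ".join(tokens(wire["bank"])) in BANKS:
        hits.append("named_bank")
    # Reported transfers ranged from $50,000 up to nearly $1 million.
    if 50_000 <= wire["amount_usd"] < 1_000_000:
        hits.append("amount_range")
    # Different receiving companies were used, so the payee is new to the payer.
    if " ".join(name) not in known_payees:
        hits.append("new_payee")
    return hits

def should_hold(wire, known_payees):
    """Assumed policy: hold for manual callback on name pattern plus one more."""
    hits = indicators(wire, known_payees)
    return "name_pattern" in hits and len(hits) >= 2

# Constructed sample wires, not real transactions.
KNOWN = {"acme tooling gmbh"}
WIRES = [
    {"beneficiary": "Dalian Harbour Economic and Trade Co., LTD.",
     "bank": "Agricultural Bank of China", "amount_usd": 287_000},
    {"beneficiary": "Acme Tooling GmbH", "bank": "Deutsche Bank", "amount_usd": 120_000},
    {"beneficiary": "Shanghai Tradewinds Ltd", "bank": "Bank of China", "amount_usd": 12_000},
]

if __name__ == "__main__":
    for w in WIRES:
        print(should_hold(w, KNOWN), indicators(w, KNOWN), w["beneficiary"])
```

Matching on whole words keeps a name such as "Shanghai Tradewinds Ltd" from tripping the rule, and the bank and amount checks alone never trigger a hold because they also match a great deal of ordinary trade.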
The FBI said that it has been tracking this specific string of attacks since March 2010 and that it has seen attempts to steal more than $20 million, although the actual losses suffered by victims are about $11 million.