TechWeb

Swedish Bank Taken for Over $1 Million by Cyber Crooks

Jan 24, 2007 (01:01 PM EST)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=197000355


Cyber crime apparently pays quite well. Swedish bank Nordea has acknowledged that about 250 of its online banking customers have been robbed of about 8 million Swedish kronor -- roughly $1.14 million dollars -- as a result of a targeted phishing campaign.

The attack took place over the past 15 months, according to Boo Ehlin, a spokesman for the bank. Swedish trade publication Computer Sweden reported that 121 people may have been involved in carrying out the attack, but Ehlin could not confirm that figure. The article identified Russian cyber thieves as being behind the attack.

The phishing e-mail was designed specifically to fool Nordea's online banking customers into downloading what was supposed to be an anti-spam application, according to computer security company McAfee. Those duped ended up with a version of the Haxdoor Trojan on their computers. The malware redirected them to a phony login page that captured their online banking user names and passwords.

"These types of Trojans are quite sophisticated," said David Marcus, security research and communications manager at McAfee Avert Labs. "It's not just something that's sitting in the background capturing screenshots. ...[T]hey're actually designed to wait for you to go to a specific financial institution, so they're not capturing everything."

"What they then do is redirect you to the fake Web site, which looks just like the real thing, and present you with what looks like a real login screen," explained Marcus. "There goes your account login, PIN, and money."

"The interesting thing is the bank actually did nothing wrong in this instance," said Marcus. "And this type of Trojan is something we run into a lot out in the wild. It's one of the largest classes of malware out there. So this attack is really nothing new. This particular one just happened to be a bit more successful than some of the ones we had seen."

Indeed, Nordea was hit with a similar attack in August 2005. The bank says it has almost 10 million customers, 4.6 million of whom bank online, in the Nordic and Baltic regions.

"We have reimbursed all the customers, so they will not take any loss," said Ehlin, who explained that the affected customers had outdated antivirus software or none at all. He said Nordea intended to make free antivirus software available to customers that don't have it already.

"It never ceases to amaze me that people will do online banking, exposing huge amounts of financial information, and not take basic precautions," said Marcus. "I was born in a really bad neighborhood and you're just taught to take certain precautions, like not walk down dark streets at night. And the Internet has to be approached the same way."