  Sunday, November 22, 2009  
Bank Botnet Serves Fake Info to Thwart Researchers

Wired

2009-10-07

Researchers tracking a gang of online bank thieves found that the criminals have deployed a devious means to thwart law enforcement and anyone else trying to monitor their activities.

The gang behind the URLZone trojan, which siphons money from online bank accounts and then alters a victim’s online bank statement to hide the fraud, has also devised a method to hide the accounts of mules they use to launder the siphoned funds.

Researchers at RSA’s FraudAction Research Labs say the gang was aware that their malware was being tracked by investigators, so they programmed their command and control server to generate non-mule accounts to make it more difficult for law enforcement and fraud investigators to halt laundering through the real accounts.

URLZone is a Trojan that has been targeting customers of several top German banks. The victims’ computers are infected with the Trojan after visiting compromised legitimate web sites or rogue sites set up by the hackers.

Once a victim is infected, the malware detects when a user is logged into a bank account, then contacts a control center hosted on a machine in Ukraine to initiate a money transfer from the victim’s account, without the victim’s knowledge. The control center tells the Trojan how much money to wire transfer from the victim’s online bank account and which mule account should receive the transfer.

The money gets transferred to the legitimate bank accounts of unsuspecting money mules who’ve been recruited online for work-at-home gigs, never suspecting that the money they’re allowing to flow through their account is being laundered. The mules then transfer the money to the thieves’ chosen account.

Researchers, hoping to extract a list of mule accounts from the command and control center, infected honeypot computers with the URLZone Trojan. But when the computers contacted the command and control center to collect a mule account, the command center fed them “fake” accounts.

The fraudsters developed a series of tests to check infected computers to determine if they’re “legitimate” URLZone-infected machines. For example, every infected computer is assigned a unique identification code by the Trojan. If the ID is not a valid Trojan ID known by the server, the fake computer gets fed one of 400 non-mule accounts. The non-mule accounts are legitimate bank accounts, just not ones the criminals are using to launder money.

“Interestingly, when generating a non-mule account in order to dupe anti-fraud security researchers,” RSA researchers write on their blog, “the Trojan does not display random names and account numbers. Instead, it displays real bank account details that were previously entered by URLZone victims as the payees of legitimate transactions.”

The RSA researchers call this the “most unique attribute” of the botnet, which “speaks to its operators’ caution against having their criminal pipelines compromised.”

Copyright 1999-2009 © GodLikeProductions.com
