Hacker "soldier" steals $3.2 million

Powered by SC Magazine
 

Australia escapes.

A hacker known in the cybercriminal underground as “soldier” has stolen $3.2 million from major US corporations in the past six months, according to researchers at anti-virus firm Trend Micro.

The attacker, believed to be in his early 20s and residing in Russia, used toolkits to plunder millions of dollars from corporate bank accounts since January.

The hacker oversees a network of money mules and accomplices, who are believed to reside in West Hollywood and Venice, California.

Trend researchers have been investigating the hacker's operations since April and have notified federal authorities, Trend Micro threat research manager Jamz Yaneza said.

Organisationa cross a wide number of industries including military, educational and research institutions; airports; banks; and automobile, media and technology firms, were affected.

Yaneza said he could not name the victim corporations due to an active federal law enforcement investigation.

A number of home users have also been victimised, he said. While nearly all of the victims are located in the United States, a small amount reside in some 90 countries, including Britain, Brazil, Mexico, Thailand, Turkey, Saudi Arabia, India, Romania, and Canada.

Yaneza said the hacker heavily relied on the SpyEye and Zeus tookits, which come with full support and regular updates and are available for purchase on black market.

Starting around January, the intruder began using Zeus to compromise users' systems via drive-by downloads.

Once compromised, computers were infected with banking trojans that automated online banking fraud, Yaneza said. The malware is capable of siphoning small increments of money at a time out of bank accounts without users noticing.

SpyEye and Zeus are routinely used to steal credentials from high-profile sites such as Facebook, Yahoo, Google, eBay, Amazon, Twitter, PayPal and Skype.

To increase the number of infected computers under his control, the hacker began using the stolen funds accrued from the operation to lease out infected machines from other criminals.

Between April 19 and June 29, the hacker amassed a botnet of more than 25,000 systems, 57 percent of which were running Windows XP, according to Trend Micro researchers.

Some 4500 infected systems were running the latest Windows operating system, Windows 7.

“Given that the tools are being sold on the underground, this is just one example of what dozens [of criminals] could be doing,” Yaneza said.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1760

Vote
Do you support the abolition of the Office of the Information Commissioner?