Up to 250 customers at Sweden's largest bank are thought to have been hit by the attacks, which have taken place over three months.
The attack worked by targeting Nordea's customers, who were asked to download an anti-spam program. Anyone who downloaded the 'raking.zip' or 'raking.exe' files was infected by the 'haxdoor.ki' Trojan.
The Trojan activated itself when users tried to log in to their online account at the bank.
The software stole users' information before displaying an error message asking the client to resend the data. Criminals then had the two access codes needed to transfer money from the account.
Despite having a list of 121 suspects, the bank and the Swedish police have been unable to stop the attacks.
Police have discovered that the user information was sent to servers in America, before being forwarded to Russia.
"This is a worrying concern for any online bank user, as the threat of cyber-crime targeting 'safe' institutions becomes an ever more real concern," said security firm McAfee in a statement.
McAfee recorded more than 17,000 phishing reports per month in 2006, and its research showed that 90 per cent of people are still unable to recognise a well constructed phishing message.
Swedish bank hit by ($1.5M) internet fraud
By Matt Chapman on Jan 22, 2007 9:37AM