Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The alleged attacks saw funds transferred from the accounts of small businesses to unknown recipients in China. The criminals tried to send $US20 million ($A18.32 million) - of which the FBI knows - to accounts near the Chinese-Russian border, with some $11 million of the funds making it through the stop-checks in the international banking system.
“Between March 2010 and April 2011, the FBI identified incidents in which the online banking credentials of small-to-medium sized businesses were compromised and used to initiate wire transfers to Chinese economic and trade companies,” the FBI said in a warning.
“In a typical scenario, the computer of a person within a company who can initiate funds transfers on behalf of the business is compromised by either a phishing email or by visiting a malicious website. The malware harvests the user’s corporate online banking credentials.”
According to the officials, when a compromised user tried to log on to the banking site, they were stalled with a phoney log-in page that said the accounts were unavailable, while the crooks accessed the account and transferred money to intermediary banks.
The funds were then shifted again to legitimate company accounts in China, although the FBI said it was unclear what happened to the money once it arrived.
“It is unknown who is behind these unauthorised transfers, if the Chinese accounts were the final transfer destination or if the funds were transferred elsewhere, or why the legitimate companies received the unauthorised funds,” the FBI said.
The money transfers ranged from $US50,000 to $US985,000 and company accounts were accessed using a number of malware tools, including ZeuS, Backdoor.bot, and Spybot.
This article originally appeared at pcpro.co.uk
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.