Who needs a gun? This computer virus will rob your online bank account

Everybody's worst online banking fears have come true -- for some German banking customers. The rest of us can hold our collective breath and hope that we don't have to deal with this, although it seems inevitable that some of us will.

A cyber-criminal gang in the Ukraine has developed a very elaborate system for not just stealing the money from bank accounts, but tricking the computer into displaying a fake online account -- so that in August, several hundred German customers were looking at their online bank account and seeing money that wasn't actually there.

Apparently, these fake online accounts aren't static either -- so if you transfer money from one account to another, it'll play along. The only way you won't realize you have no money is if you do banking from an uninfected computer or, say, go to your ATM. I can imagine the screams of horror emitting from some of these poor (literally) customers. I'm pretty sure if it had happened to me, I'd have had a stroke.
This lovely news was recently reported by the cyber-security firm, Finjan, based out of California, and now, of course, computer publications are over this, from PC World to Wired, which has posted the full Finjan report online, if you'd like to read it.

They call this computer virus the URLzone Trojan.

The way these customers became victims was by visiting a Web site, some fake and some real but compromised with a piece of computer code that once it gets into your own computer, can then get to all of the data on your machine -- your passwords, your e-mails, everything.

And then, as Wired explains, "the malware grabs the consumer's log in credentials to their bank account, then contacts a control center hosted on a machine in Ukraine for further instructions. The control center tells the Trojan how much money to wire transfer, and where to send it. To avoid tripping a bank's automated anti-fraud detectors, the malware will withdraw random amounts, and check to make sure the withdrawal doesn't exceed the victim's balance."

Well, hey, that's helpful and nice of these cyber-thugs -- no overdraft fees. Well, not until you start spending money you think you have but don't.

This gang was pretty sophisticated in their heist. They hired people, who thought they were working for a reputable company, to accept the money from these bank accounts and then send the money onward, making its way to the Ukraine gang, and making it harder to track them down. According to PC World, the thieves "managed to infect about 7.5 percent of the 90,000 computers they attacked before Finjan got access to their command-and-control server."

But in that time, the thieves were bringing in, in American dollars, $1,750 a day. That would have been over $630,000 a year, if they hadn't been stopped. As it was, CNET is reporting that in 22 days of August, the criminals took in $438,000, or about 301,000 euros.

So what does this all mean for the rest of us? I wish I had an answer, but common sense still seems to be the order of the day -- be very vigilant in making sure your computer is extremely well protected and, of course, try to avoid going to any really strange looking, unfamiliar Web sites that might have these Trojan codes lurking around in the first place.

Geoff Williams is a regular contributor to WalletPop, mostly writing about banking issues. He is also the author of the non-banking book, C.C. Pyle's Amazing Foot Race: The True Story of the 1928 Coast-to-Coast Run Across America (Rodale).
Read Full Story

From Our Partners