Cybercriminals use Trojans and Money Mules to Loot Online Bank Account

SAN JOSE, California -

- In its Latest Cybercrime Intelligence Report, Finjan Shows how Cybercrooks Used a Combination of Trojans and Money Mules to Successfully Avoid Anti-Fraud Systems to Steal Euro 300,000 in 22 Days

Finjan Inc., a leader in secure web gateway products and the provider of a unified web security solution for the enterprise market, today unveiled new research from its Malicious Code Research Center (MCRC), which uncovered new techniques used by cybercriminals to rob online bank accounts.

(Logo: www.newscom.com/cgi-bin/prnh/20080618/309345 )

Finjan sees the techniques described in this report as the start of a new trend that is expected to grow. These techniques add functionality aimed to minimize detection by traditional anti-fraud technologies in use by banks. More than a year ago Finjan identified the Zeus bank Trojan which today has become one of the most popular Trojans used by cybercriminals to steal money from banks’ customers worldwide.

In its Cybercrime Intelligence Report, (www.finjan.com/Content.aspx?id=1367) Finjan’s Malicious Code Research Center (MCRC) shows how a cybergang used a combination of Trojans and money mules to rake in hundreds of thousands of Euros and to minimize detection by the anti-fraud systems used by banks.

The cybercriminals used compromised legitimate websites as well as fake websites, utilizing the crimeware toolkit LuckySpoilt to infect visitors. After infection a bank Trojan was installed on the victims’ machines and started communication with its Command & Control (C&C) server for instructions. These instructions included the amount to be stolen from specific bank accounts and to which money mule accounts the stolen money should be transferred. Furthermore, the Trojan forged onscreen bank statements concealing the true transaction amount to dupe the account holders and their banks.

The cybercrime intelligence report covers the following: - Cybercriminals use sophisticated crimeware tools to steal money online and avoid detection - They use compromised legitimate websites as well as fake ones to infect visitors with their crime toolkit - Once infected, the Trojans get instructions from its Command &Control center to rob bank accounts - Instructions include criteria for the amount that should be stolen from an individual account - This method is a highly-effective, “Anti anti-fraud” system detection tool - Once the money is stolen, the Trojan creates a forged bank statement to hide the theft - The stolen money is transferred to a money mule account and then forwarded to the cybercrooks to prevent any direct money trail - The cybergang was able to steal Euro 300,000 in 22 days

“As reported previously by Finjan, cybercriminals continue to follow the money, with bank accounts steadily remaining a favorite among their targets. To avoid detection, cybercriminals continue to improve their methodologies for stealing money and going under the radar from the victims and banks alike. With the combination of using sophisticated Trojans for the theft and money mules to transfer stolen money to their accounts, they minimize their chances of being detected,” said Yuval Ben-Itzhak, CTO of Finjan. “In this case, the specific criteria that the Trojan received from its Command & Control center mark a whole new level of cybercrime sophistication in the techniques used by cybercriminals. Using these methods they successfully evade anti-fraud systems that banks deploy - we dubbed it the Anti anti-fraud.”

The report shows in detail how this cybergang worked and provides recommendations how individuals and banks can protect themselves.

To download the report, please go to www.finjan.com/cybercrime_intelligence

Money mule accounts are legitimate bank accounts owned by legitimate bank users. Cybercriminals hire ‘mules’ by falsely telling them they are working for a legitimate business. These bank account owners or “mules” are normally unaware that they are “muling” stolen money, but think that they are being paid for “working from home” and other moneymaking schemes. To avoid warning signs by anti-fraud systems at the bank, the money mule accounts are only used for a limited number of times within a certain timeframe. Since banks monitor large bank transfers, the amount of money deposited in a money mule account is predefined in order to stay under the radar.

About MCRC

Finjan MCRC (www.finjan.com/SecurityLab.aspx?id=547)specializes in the detection, analysis and research of web threats, including Crimeware, Web 2.0 attacks, Trojans and other forms of malware. Our goal is to be steps ahead of hackers and cybercriminals, who are attempting to exploit flaws in computer platforms and applications for their profit. In order to protect our customers from the next Crimeware wave and emerging malware and attack vectors, Finjan MCRC is a driving force behind the development of Finjan’s next generation of security technologies used in our unified Secure Web Gateway(www.finjan.com/Content.aspx?id=190) solutions. For more information please also visit our info center(www.finjan.com/Content.aspx?id=827) and blog (www.finjan.com/MCRCblog.aspx).

About Finjan

Secure Gateway provides organizations with a unified web security solution combining productivity, liability and bandwidth control via URL categorization, content caching and applications control technologies. Crimeware, malware and data leakage are proactively prevented via patented active real-time content inspection technologies and optional anti-virus modules. Powerful central management enables intuitive task-based policy management, excellent drill-down reporting capabilities and easy directory integration for all network implementation options. By integrating several security engines in a single dedicated appliance, Finjan’s comprehensive and integrated web security solution enables quick deployment, simplified management and reduction of costs. Business benefits include real-time web security (no patches or updates needed), lower total cost of ownership (TCO), cost savings in administration efforts, lower maintenance costs, and reduction in loss of productivity. Finjan’s security solutions have received industry awards and recognition from leading analyst houses and publications, including Gartner, IDC, Butler Group, SC Magazine, eWEEK, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan’s award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: www.finjan.com.

(c) Copyright 1996-2009. Finjan Software Inc. and its affiliates and subsidiaries. All rights reserved.

You may not modify, license, create derivative works from, transfer, or sell any part of its content without Finjan’s explicit permission. The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including European Patent EP 0 965 094 B1 and U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469, 7155743, 7155744, 7185358, 7418731 and may be protected by other U.S. Patents, foreign patents, or pending applications.

Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote, Window-of-Vulnerability, RUSafe and SecureBrowsing are trademarks or registered trademarks of Finjan Inc., and/or its affiliates and subsidiaries. All other trademarks are the trademarks of their respective owners.

Media Contacts United States Jan Wiedrick-Kozlowski Activa PR Tel: +1-585-392-7878 jan@activapr.com UK Neil Stinchcombe Eskenzi PR Ltd. Tel: +44(0)208-449-1007 neil@eskenzipr.com

Source: Finjan Software

Media Contacts, United States, Jan Wiedrick-Kozlowski, Activa PR, Tel: +1-585-392-7878, jan at activapr.com; UK, Neil Stinchcombe, Eskenzi PR Ltd., Tel: +44(0)208-449-1007, neil at eskenzipr.com