PC Invader Costs Kentucky County $415,000
Posted on 08. Jul, 2009 by Amit Jindal in Business, Linux, Security, Servers, Windows
Increasingly Windows users are seeing attacks that are more sophisticated and using techniques unheard before. These attacks continuously point out to a single aspect of windows. And they say it out LOUD.
Windows is NOT secure. Period.
Then why don’t people get it?
PC Invader Costs Ky. County $415,000
Cyber criminals based in Ukraine stole $415,000 from the coffers of Bullitt County, Kentucky this week. The crooks were aided by more than two dozen co-conspirators in the United States, as well as a strain of malicious software capable of defeating online security measures put in place by many banks.
Bullitt County Attorney Walt Sholar said the trouble began on June 22, when someone started making unauthorized wire transfers of $10,000 or less from the county’s payroll to accounts belonging to at least 25 individuals around the country some individuals received multiple payments. On June 29, the county’s bank realized something was wrong, and began requesting that the banks receiving those transfers start reversing them, Sholar said.
“Our bank told us they would know by Thursday how many of those transactions would be able to be reversed,” Sholar said. “They told us they thought we would get some of the money back, they just weren’t sure how much.”
Sholar said the unauthorized transfers appear to have been driven by “some kind computer virus.” Security Fix has been communicating with a cyber crime investigator who is familiar with the case. What follows is a description of the malicious software used, a blow-by-blow account of how the attackers worked the heist, as well interviews with a couple of women hired to receive the stolen funds and forward the money on to fraudsters in Ukraine. This case also serves as an example of how e-mail scams can be used to dupe unknowing victims in serving as accomplices in their plan.
According to my source, who asked not to be identified because he’s still investigating different sides of this case, the criminals stole the money using a custom variant of a keystroke logging Trojan known as “Zeus” a.k.a. “Zbot” that included two new features. The first is that stolen credentials are sent immediately via instant message to the attackers. But the second, more interesting feature of this malware, the investigator said, is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim’s bank account using the victim’s own Internet connection.
Many online banks will check to see whether the customer’s Internet address is coming from a location already associated with the customer’s user name and password, or at least from a geographic location that is close to where the customer lives. By connecting through the victim’s PC or Internet connection, the bad guys can avoid raising any suspicions.
What astonishes me is that Business owners still don’t realize the need for linux based servers that can seriously reduce or even eliminate their possibilities of infection. To this extent, we recently launched Small Business Server (http://www.aquevix.com/sbs) that is aimed to help small businesses get their IT combined in a single server.
For once again… ha ha ha, windows!