Lavasoft News - March 2007

Swedish Bank Falls Prey to Internet Fraud

Security experts are calling on Nordea, the largest bank in the Nordic nations, to shape up or ship out its online banking system after 250 customers had cash siphoned from their accounts.

The phishing attacks started in September of last year, disguised as e-mails from the bank. Victims were duped into downloading anti-spam software, which was really a log-in/password-stealing Trojan.

As soon as the user navigated to the Nordea log-in page, the Trojan would kick into gear, saving the customer's details. An error message would then be displayed asking them to resend the information. The criminals then had the two access codes needed to steal cash from the accounts.

Police tracked the fraudulent e-mails to computer servers first in the U.S. and then to Russia. More than 120 people are suspected to be involved in what police say is the work of organized crime gangs in Russia. Two people have already been convicted, two others were recently arrested, and warrants have been issued for seven more.

A reporter at Computer Sweden magazine actually met the Russian-speaking hacker behind the Trojan attack in an anonymous Internet chat. The reporter claimed to be interested in buying his own Trojan tailored for attacking an Internet bank. The hacker, called Corpse, admitted he designed Haxdoor, the Trojan used in Nordea's case and was looking to sell the version for $3,000 U.S.

Just days later, Corpse's site, where he sold his Trojan program, was shut down.

In the meantime, Nordea is feeling the pressure to make some changes to its Internet system.

"Like we have said for a long time, we are carefully looking at different solutions," said Nordea spokesperson Boo Ehlin. "We are continuing to use the system we have had in place for a long time. We are constantly making small adjustments, but if major changes are made we will go public when we make a decision."

Nordea customers log in to their accounts using their date-of-birth, a four-digit security code and a one-time code. Some security experts have rated the system as the least secure of any Swedish bank.

The bank has been the target of phishing e-mails before. In August 2005, it was forced to temporarily shut down its online arm due to another sophisticated phishing attack.

Nordea has fully compensated its customers targeted in the latest attack.

Home   arrow

Ad-Aware SE + Firewall - 30% off! Buy Ad-Aware SE + Lavasoft Personal Firewall bundle today and get up to 30% off! *Offers ends March 15th, 2007. All purchases will be eligible for a free update to Ad-Aware 2007
One of the so-called "fathers of the Internet" claims 100-150 million of the 600 million online computers are virus-infected components in botnet networks of PCs under control of hackers. Read who said it and what other predictions he makes in our story, "Battling the Botnet Pandemic."
Term of the Month
Botnet, shortened from roBOT NETwork, is a network of compromised PCs. It is a type of Remote Control Software, specifically a collection of software robots, or 'bots', which run autonomously. Botnets have been used for sending spam remotely, installing more spyware without consent, and for other illicit purposes.

Educate yourself by reading more terms in our Spyware Glossary.
Tech Tips
Having up-to-date firewall, anti-virus and anti-spyware programs is key in keeping your computer safe, but be prepared in the event of a system crash. Back up your files! Along with confidential documents, think of all those personal photos you may have stored on your PC. Don't lose them! Copy them onto a removable disc and store them in a safe place. It may seem like simple advice, but many computer users don't have any back ups at all.
Letters to the Editor
Many of you who wrote to us feel the so-called "spyware" teacher shouldn't be put behind bars and that malware is the real criminal in this case. Stay tuned to this story as sentencing is handed down March 2. In the meantime, read a few of your letters here (some have been shortened due to space limitations).
Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Page footer