Man detained in banking Trojan horse phishing case, Sophos comments

April 04, 2005 Sophos Press Release

According to media reports, the Estonian police have detained a 24-year-old man suspected of using a phishing Trojan horse to steal money from hundreds of internet bank accounts in several European countries.

The man, who has not been named, lives in Tallinn and is alleged to have sent thousands of internet users a Trojan horse that could steal banking usernames and passwords. The suspect has been detained following a year-long investigation by computer crime authorities across Europe into what police believe could be the theft of millions of euros from accounts in Britain, Estonia, Germany, Latvia, Lithuania and Spain.

According to Aivar Pau, a spokesman for Estonia's central criminal police, it was the biggest case of online bank theft in Estonian history. If the man is charged and found guilty he could face up to five years in prison.

It is claimed that the suspect spread the Trojan horse by emailing thousands of messages that promised job offers. The offers pretended to come from legitimate organisations, such as government institutions, banks and investment firms, but actually contained a link to a webpage that infected computers with the Trojan horse.

"The last 12 months have seen a dramatic rise in the number of new viruses, worms and Trojan horses designed to steal the keystrokes of innocent computer users. Sophos's labs analyse approximately 15 new pieces of malware which include this sinister payload every day, compared to 5 a day a year ago," said Graham Cluley, senior technology consultant for Sophos. "The information stolen by this kind of phishing attack can be equivalent to someone watching over your shoulder as you type your password into the computer. Hacking gangs are actively hunting for vulnerable computers in order to steal information and empty bank accounts."

The British banking industry has published information about how online bank customers can take steps to stay safe online at www.banksafeonline.org.uk. The Australian Bankers Association has also published information about how consumers and small businesses can protect themselves against online fraud.

"Criminals are writing more malware than ever before, designed to steal bank account information from innocent computer users," continued Cluley. "All internet users need to ensure their computers are properly defended with the latest up-to-date protection software, and make sure they are not putting themselves at risk."

Sophos recommends that companies protect their email with a consolidated solution to thwart virus and spam threats, and secure their desktops and servers with automatically updated anti-virus protection. Additionally, computer users should ensure they are defended by personal firewalls and the latest Microsoft security patches.