According to media reports, the Estonian police have
detained a 24-year-old man suspected of stealing money from
hundreds of internet bank accounts from several European countries
by using a phishing Trojan horse.
The man, who has not been named, lives in Tallinn and is alleged
to have sent a Trojan horse which could steal banking usernames and
passwords from computer users to thousands of internet users. The
suspect has been detained following a year-long investigation by
computer crime authorities across Europe into what police believe
could be the theft of millions of euros from accounts in Britain,
Estonia, Germany, Latvia, Lithuania and Spain.
According to Aivar Pau, a spokesman for Estonia's central
criminal police, it was the biggest case of online bank theft in
Estonian history. If the man is charged and found guilty he could
face up to five years in prison.
It is claimed that the suspect spread the Trojan horse by
emailing thousands of messages that promised job offers. The offers
pretended to come from legitimate organisations, such as government
institutions, banks and investment firms, but actually contained a
link to a webpage that infected computers with the Trojan
"The last 12 months have seen a dramatic rise in the number of
new viruses, worms and Trojan horses designed to steal the
keystrokes of innocent computer users. Sophos's labs analyse
approximately 15 new pieces of malware which include this sinister
payload every day, compared to 5 a day a year ago," said Graham Cluley, senior
technology consultant for Sophos. "The information stolen by this
kind of phishing attack can be equivalent to someone watching over
your shoulder as you type your password into the computer. Hacking
gangs are actively hunting for vulnerable computers in order to
steal information and empty bank accounts."
The British banking industry has published information about how
online bank customers can take steps to stay safe online at
www.banksafeonline.org.uk. The Australian Bankers
Association has also published information about how consumers and small
businesses can protect themselves against online fraud.
"Criminals are writing more malware than ever before, designed
to steal bank account information from innocent computer users,"
continued Cluley. "All internet users need to ensure their
computers are properly defended with the latest up-to-date
protection software, and make sure they are not putting themselves
Sophos recommends that companies protect their email with a
consolidated solution to thwart the virus
and spam threats as well as secure their desktop and servers with
automatically updated anti-virus protection. Additionally, computer
users should ensure they are defended by personal firewalls and the
latest Microsoft security patches.