Ten arrested in connection with phishing Trojan horse attack

Sophos Press Release

Russian, Ukrainian and German suspects apprehended by authorities

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have welcomed the news that members of an alleged international phishing gang have been arrested following an investigation by German police.

Germany's Federal Crime Office (known as the BKA) announced on its website that the gang, which includes two women, have been arrested in connection with a plot to plunder the bank accounts of online surfers.

The group is alleged to have targeted users of online banks by sending them emails claiming to come from Deutsche Telekom, eBay, 1&1, Walmart, Ikea, and the German television licensing organization (GEZ). Attached to the emails were malicious Trojan horses (such as Troj/Clagger-AZ and Troj/DwnLdr-FYH) that stole information from the infected computers.


Some of the emails claimed to come from the German TV licensing organization.

The police probe, which is said to have taken 18 months, resulted in arrests in several German cities, including Dusseldorf, Cologne and Frankfurt. According to the BKA, the suspects - who come from Germany, Russia and the Ukraine - bought expensive jewelry, cars and luxury holidays from the proceeds of their criminal acts.

"The German authorities deserve credit for putting the resources into investigating the deluge of malicious emails that computer users in their country were receiving in these campaigns," said Graham Cluley, senior technology consultant for Sophos. "The financial rewards for cybercrime are significant, and we are seeing more organized gangs getting involved in this kind of crime all the time. Everyone who has a computer needs to learn how to properly defend themselves, or risk having their money and identity stolen."

In another malicious campaign the emails claimed to come from Ikea.

Sophos experts encourage all computer users to learn how to reduce the risk of being hit by a phishing attack.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.