Nordea, Sweden’s largest bank, suffers massive Internet fraud

29th January 2007

Sweden's largest bank, Nordea, has suffered what Swedish media describe as the world's biggest online fraud. Over 8 million kronor (nearly £600,000) has disappeared in three months as a result of tailor-made trojans launched by Russian criminals. According to McAfee, the attack started with a tailor-made trojan sent in the name of the bank to the bank's clients. The sender encouraged clients to download a spam-fighting application.

Users who downloaded the attached file raking.zip or raking.exe were infected by the trojan haxdoor.ki. When the first attacks began, it was clear that the haxdoor version had been modified to target the bank. The trojan activated itself when the user tried to log in. It saved the login information and displayed an error message asking the client to resend it. The criminals then had two access codes in their possession, which was enough to transfer money. The police have been able to establish that login information was sent to servers in the USA and then to Russia. After that, unknown criminals logged in and transferred large amounts from the bank.

McAfee says it saw in excess of 17,000 'phishing' reports per month in 2006, a growth rate of 25%. Forty percent of attacks were not in the English language but, more worryingly, 90% of people still don't recognise a well-constructed phish, for example one asking for confirmation of bank details.

For anyone worried about their own bank details, McAfee offers the following advice. Ensure the computer(s) has an up-to-date anti-virus and anti-spyware software package in place; install and turn on a personal firewall, which will stop a targeted attacker; regularly install update patches in order to fix trapdoors that someone can use to get into your system; do not open email attachments from unrecognisable sources; choose an Internet security provider that considers security. A number of ISPs now offer email filtering and content filtering protection.
