Check Point, a company with considerable authority in information security, has published an 18-page report on a new botnet called ‘Eurograbber’.
According to the results of the investigation conducted by Check Point and Versafe, since it was first detected in Italy in early 2012, Eurograbber has stolen more than 36 million euros ($47 million USD) from the accounts of private and corporate clients in various eurozone countries.
The technology Eurograbber uses to steal money from bank accounts is built on the Zeus botnet, a platform very popular with cybercriminals for creating distributed botnets with a centralized management server. What sets Eurograbber apart from previously detected malware is its high complexity and danger. Eurograbber uses a special scheme to bypass two-factor authentication, which is still considered a reliable means of protection: messages with one-time passwords, sent from the bank to the customer’s mobile phone, are intercepted and used by the hackers.
The name Eurograbber was given to the detected virus complex by security experts from Check Point and Versafe. During 2012, the virus spread throughout Europe. According to the experts, the operators of Eurograbber stole more than 36 million euros, with each victim losing from 500 to 25,000.
Using this information about the phone number and mobile device platform, the criminals send the victim a text message pointing to a website from which an ‘encryption utility’ for the device is to be downloaded. In fact, instead of any utility, what gets installed is the mobile version of the Zeus virus, ‘Zeus in the mobile’ (ZITMO), a Trojan specifically designed for the Android and BlackBerry mobile operating systems. This mobile virus operates at a level between the end user and the SMS transmission system. Now that both devices (PC and smartphone) are compromised, the virus waits until the victim next logs in to their bank account through a browser. Once the victim is logged in, the virus immediately sends money from the victim’s account to an account created by the criminals for withdrawing it.
At this point, the virus on the mobile device intercepts the SMS message asking to confirm the operation and forwards it to the botnet’s control server through a special phone number that works in relay mode. The criminals’ server uses the message to confirm the transfer and withdraws the money from the victim’s account. The same process can be repeated each time the affected user logs in to the account, gradually draining money without the user’s knowledge. The money is cashed out through so-called ‘mules’: people who, for a small fee, open temporary accounts, receive the stolen money in them, withdraw the amount in cash and hand it over to the criminals.
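One way a bank could look for the pattern described above (a transfer fired within seconds of login, repeated on later logins) is shown below as an added example; it is not taken from the Check Point report or from Eurograbber itself. The log format, account and beneficiary names, the 10-second window and the two-session threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data):
# timestamp, account, event, beneficiary, amount
SAMPLE_LOG = """\
2012-08-01T09:00:00 ACC-1001 login - 0
2012-08-01T09:00:04 ACC-1001 transfer MULE-77 900
2012-08-03T18:30:00 ACC-1001 login - 0
2012-08-03T18:30:03 ACC-1001 transfer MULE-77 1200
2012-08-02T10:00:00 ACC-2002 login - 0
2012-08-02T10:06:30 ACC-2002 transfer LANDLORD-1 750
2012-08-04T11:00:00 ACC-3003 login - 0
2012-08-04T11:00:05 ACC-3003 transfer MULE-78 5000
"""

def parse(log_text):
    """Yield (timestamp, account, event, beneficiary, amount) tuples."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, event, beneficiary, amount = line.split()
        yield datetime.fromisoformat(ts), account, event, beneficiary, float(amount)

def flag_accounts(log_text, window=timedelta(seconds=10), min_sessions=2):
    """Return {account: [(time, beneficiary, amount), ...]} for accounts where the
    first transfer after a login came within `window`, in >= `min_sessions` sessions.
    Both thresholds are assumed values, to be tuned against real traffic."""
    last_login = {}
    hits = defaultdict(list)
    for ts, account, event, beneficiary, amount in sorted(parse(log_text)):
        if event == "login":
            last_login[account] = ts
        elif event == "transfer" and account in last_login:
            if ts - last_login[account] <= window:
                hits[account].append((ts, beneficiary, amount))
            # Only the first transfer after each login is evaluated.
            del last_login[account]
    return {acct: rows for acct, rows in hits.items() if len(rows) >= min_sessions}

if __name__ == "__main__":
    for account, rows in flag_accounts(SAMPLE_LOG).items():
        for ts, beneficiary, amount in rows:
            print(f"{account} {ts.isoformat()} -> {beneficiary} {amount:.2f}")
```

Lowering `min_sessions` to 1 also surfaces a first occurrence, at the cost of more false positives from fast legitimate users.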
Both companies that participated in the investigation, Check Point and Versafe, have added signatures and behavioral characteristics of Eurograbber to their products to block the virus. The main defense against such viruses for the end user is regularly updating all programs and components most prone to unauthorized downloads: Adobe Flash, Java, and web browsers. In addition, healthy caution helps when following any even remotely suspicious links sent by e-mail. In most cases, these simple precautions help avoid infection completely. The full report on the Eurograbber attack, in PDF format, can be found on Check Point’s website at https://www.checkpoint.com/products/downloads/whitepapers/Eurograbber_White_Paper.pdf