It was a heist!
A Swedish bank has been hit by the biggest ever online heist — approximately $1M USD.
The attack started with a tailor-made Trojan sent in the name of the bank to some of its clients, according to McAfee. The sender encouraged clients to download a “spam fighting” application. Users who downloaded the attached file, called raking.zip or raking.exe, were infected by the Trojan, which some security companies call haxdoor.ki.
Haxdoor typically installs keyloggers to record keystrokes, and hides itself using a rootkit. The payload of the .ki variant of the Trojan was activated when users attempted to log in to the Nordea online banking site. According to the bank, users were redirected to a false home page, where they entered important log-in information, including log-in numbers.
Be careful out there, folks. It looks like Anil was right.

January 22nd, 2007 at 7:50 pm
Several things come to mind after reading this:
First off… next time you think about throwing encryption at a problem, think twice…
Second – perhaps an operating system warning users of a highly suspicious application installation. Nowadays we all get the standard ‘warning: you are about to install an application’… what about the OS looking at the file, comparing it to a list of application names, structures, approved apps lists, etc., and giving a nice bright warning a few times before letting the app install?
In fact I would go so far as to say create an option that would allow an email to be sent to the network admin (or OS company) letting them know something not-so-nice may have been installed.
Get 10,000 of those over the course of 48 hours and you might be able to do something before the crime takes place.
A system like this would be more complicated, just a general idea to throw out there.