Police In UK & US Charge & Arrest Multiple People Over Zeus Trojan E-banking Fraud

Use Netsparker


Zeus has been around for quite some time, we reported it about it initially back in 2009 when it was noted Zeus could evade anti-virus software.

In more recent months it was noted that Zeus has become more focused and variations of Zeus were found to be targeting banks and financial organisations in specific geographic regions.

The latest news is both in the UK and US charges and arrests have been carried out on people involved in the Zeus ring that has been stealing money. Some reports claim the ring has stolen up to 200 Million USD since 2006, quite a substantial amount. In the UK alone they have netted £6m in the past 3 months and were all caught in the Essex region.

U.S. authorities have charged more than 60 people in connection with the money-stealing Zeus Trojan program, according to the U.S. Department of Justice. The arrests follow a Tuesday U.K. sweep that led to 11 charges against Eastern European citizens thought to be involved in moving stolen funds out of the country.

Zeus has been a major problem for computer users and financial institutions over the past few years. Once installed on the victim’s PC, the malware can be used to log into a victim’s bank account and transfer funds to another account controlled by the criminals. The malicious software is sold in black market forums and there are more than a dozen Zeus gangs in operation worldwide. Security experts say that the gangs have netted more than US$200 million since Zeus was discovered in 2006.

The U.S. arrests involve so-called money mules, people who are paid to set up accounts that receive stolen funds and then move the money out of the country, typically via a wire service such as Western Union. The DOJ has scheduled a press conference in Manhattan on Thursday afternoon to further discuss the arrests.

All the individuals involved seem to be Eastern European/Russian, this is true for both the US and UK arrests – Police charge 11 over Zeus cybercrime scam in UK.

You can see a list of the people still wanted by the FBI here – Wanted by the FBI for Federal Cybercrime Charges.

It’s good to see this kind of fraud being taken seriously as it is damaging to the economy, the banks and the consumers themselves. Even if protected by insurance it’s a long winded and time intensive process to claim back and money lost to fraud.

According to documents seen by IDG News Service, prosecutors have filed a total of 26 complaints. Investigators from the agencies including the U.S. Federal Bureau of Investigation and State Department special agents describe in the complaints an elaborate network used to launder funds stolen by the Zeus malware.

One of the complaints describes in-depth the use of money “mules” in order to facilitate the transfer of funds into criminal accounts. Mules agree to allow funds to be transferred out of victims’ accounts into their own accounts. Those funds are typically quickly withdrawn and wired elsewhere before banks detect the fraud.

But that was a risky job, involving withdrawing cash from the banks either in person or visiting cash machines, both of which would be under video surveillance.

“The mule organization typically recruited mules from Eastern Europe who were either planning to travel to or were already present in the United States on J1 visas,” according to the complaint lodged against three individuals: Artem Semenov, Almira Rakhmatulina and Julia Shpirko.

The J1 visa is a non-immigrant visa granted to people such as students. When those mules arrived in the U.S., they were given fake foreign passports in order to open more bank accounts. Stolen funds were transferred to those accounts in amounts close to $10,000, according to the complaint.

Most of them seem to be operating in the same way, entering the US under student visas then opening bank accounts with fake passports, laundering the money in small amounts so as not to trigger banking alerts (less than $10,000) then keeping a small cut and sending most of the money off to some larger organisation.

More from The Register here – Feds accuse 37 of being Zeus ‘money mules’

I’m guessing there will be a lot of news about this and more details will be exposed in the following weeks.

Source: Network World

Posted in: Legal Issues, Malware, Spammers & Scammers

, , ,


Latest Posts:


How To Recover When Your Website Got Hacked How To Recover When Your Website Got Hacked
The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.
HTTrack - Website Downloader Copier & Site Ripper Download HTTrack – Website Downloader Copier & Site Ripper Download
HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.
sshLooter - Script To Steal SSH Passwords sshLooter – Script To Steal SSH Passwords
sshLooter is a Python script using a PAM module to steal SSH passwords by logging the password and notifying the admin of the script via Telegram when a user logs in.
Intercepter-NG - Android App For Hacking Intercepter-NG – Android App For Hacking
Intercepter-NG is a multi functional network toolkit including an Android app for hacking, the main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.
dcipher - Online Hash Cracking Using Rainbow & Lookup Tables dcipher – Online Hash Cracking Using Rainbow & Lookup Tables
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.
HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.


Comments are closed.