CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 16th, 2009

Trojan Plunders $480k From Cumberland County Redevelopment Authority Online Bank Account

A Pennsylvania organization that helps develop affordable housing learned a painful lesson about the hazards of online banking using the Windows operating system when a notorious trojan siphoned almost $480,000 from its account.

News reports say $479,247 vanished from a bank account belonging to the Cumberland County Redevelopment Authority after it was hit by Clampi. The trojan gets installed by tricking users into clicking on a file attached to email and then lies in wait for the victim to log in to online financial websites. The authority has so far been able to recover $109,467 of the stolen loot.

The theft is part of a rash of online heists that have stolen millions of dollars from businesses and non-profit organizations. While circumstances are different in each case, they all point to a single point of failure: Each theft relied on the successful compromise of a Windows-based system.

It was this undeniable fact that led Brian Krebs – author of the Security Fix blog which over the past month has published a series of articles detailing high-stakes bank thefts – to recommend Windows machines no longer be used by those who choose to do their banking online.

“I do not offer this recommendation lightly,” he wrote. “But I have interviewed dozens of victim companies that lost anywhere from $10,000 to $500,000 dollars because of a single malware infection.”

Indeed, the Clampi variant that hit the Cumberland redevelopment authority reportedly was able to succeed even though employees used an automated clearing house token that generated a different eight-digit access code every minute or so. Redevelopment authority officials didn’t return calls seeking comment.

Credit: The Register

Email, Bookmark or Share:
  • E-mail this story to a friend!
  • Digg
  • del.icio.us
  • StumbleUpon
  • Reddit
  • Technorati
  • Slashdot
  • Propeller
  • Google
  • Live
  • YahooMyWeb
  • TwitThis
  • Facebook
  • LinkedIn

More on CyberInsecure:
  • Sensitive Data Said To Be Available On California Riverside County Superior Court Website
  • Server Of Suffolk County National Bank Breached, 8,300 Customer Logins Stolen
  • Over 3 Million Dollars Stolen From School’s Bank Account, 500,000 Still Missing
  • Undetectable Sinowal/Torpig Trojan Steals More Than 300,000 Bank Accounts
  • Credit Cards Data Stolen In 1st Source Bank Intrusion

    • Posted in Breaches And Incidents, Cybercrime, Data Theft, Trojans & Worms, Windows | Print This Post Print This Post

    This entry was posted on Friday, October 16th, 2009 at 5:12 pm and is filed under Breaches And Incidents, Cybercrime, Data Theft, Trojans & Worms, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Trojan Plunders $480k From Cumberland County Redevelopment Authority Online Bank Account

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « « Record Number Of Vulnerabilities Fixed In Microsoft’s Patch Tuesday
    Australian Atheist Websites Taken Offline By Distributed Denial Of Service Attacks » »