Image courtesy of Flickr user Rev Dan Catt
Businesses be warned: according to the FBI, hackers have stolen millions of dollars from small to medium-sized American companies by making unauthorized bank transfers to Chinese companies. While it’s not a new technique, the fraudulent wire transfers are unique in that they’re all going to China and have cost American businesses about $11 million.
The FBI issued a warning that describes in detail the wire-transfer scam that has evidently been going on for over a year now.
How the scam works:
A hacker compromises a PC belonging to a company employee who has access to the company’s online bank account and can initiate fund transfers. Oftentimes, the cybercriminals use a drive-by download or a phishing email to carry out the attack.
Once the hacker gains access to the PC, he installs malware and attains the user’s online banking credentials. During the victim’s login attempt, the attacker redirects him to a fake site that claims that the bank’s site is down or undergoing maintenance. During this period, the cybercriminal logs in to the victim’s account and carries out the transfer to a holding company in China.
Additional details of the scam:
The attackers typically attempt to transfer anywhere between $50,000 and nearly $1 million. And the FBI says that since March of 2010, it has identified 20 unauthorized wire transfers to Chinese holding companies. To date, criminals have attempted to steal $20 million but have only successfully stolen about $11 million.
Also of note is the fact that the Chinese companies on the receiving end of the wire fraud scams are all registered economic and trade companies that are located in port cities in the Heilongjiang Province, near the Russia-China border. The companies’ official names all contain the names of Chinese port cities, including Raohe, Fuyuan, Jixi City, Xunke, Tongjiang, and Dongning.
The malware involved:
Authorities have not been able to determine precisely which malware has been involved in all of the attacks, but they have been able to identify the malware in several incidences. Among the malware used in the unauthorized wire transfer attacks are the following:
- ZeuS is a Trojan horse that employs keystroke logging and form grabbing techniques, which allows the criminals to steal online authentication information like user names, passwords, and token IDs.
- Backdoor.bot is a type of malware that has worm, downloader, and keylogger capabilities. With it, cybercriminals can access infected computers and download additional malware remotely.
- Spybot is an IRC backdoor Trojan that runs in the background and allows unauthorized remote access to an infected computer.
In short, this malware allows hackers to access and interact with compromised computers remotely.
Everyone involved—banks, company employees, and business owners—should take the necessary precautions to keep any more funds from being stolen and wired to China. Individuals and businesses should maintain their antivirus software updated and keep an eye out for unauthorized wire activity. Meanwhile, banks should notify their customers of any suspicious wire activity going to China—and especially to one of the aforementioned Chinese port cities.