24 June 2014
Last updated at 21:52
Kaspersky said it believed code was injected into the bank’s webpages to steal data
A security firm has reported uncovering evidence of cyber-thieves robbing more than 190 customers of a European bank.
Kaspersky Lab said it had detected a computer server in January being used to co-ordinate an attack that appeared to have snatched more than 500,000 euros ($700,000; £400,000) over the course of a single week.
The firm said it believed most of the victims were based in Italy and Turkey.
It said that it had alerted the authorities to the problem.
However, it added, the criminals managed to delete any evidence that could have been used to trace them before they could be identified.
The firm declined to identify the bank involved.
Kaspersky has codenamed the campaign Luuuk, and said that it believed a Trojan program was used to intercept financial data and allow fraudulent transactions to be made as soon as each victim logged into their online bank account.
But it acknowledged there were still gaps in its knowledge.
“On the command-and-control server we detected there was no information as to which specific malware program was used in this campaign,” said Vicente Diaz, principal security researcher at Kaspersky Lab, in a statement.
“We believe the malware used in this campaign could be a Zeus flavour.”
Zeus is the name given to a type of Trojan malware first detected in 2007, which allows data to be stolen from computers running the Windows operating system. It has been linked to previous bank thefts that ran into the millions of pounds.
Kaspersky said that it thought the way Zeus was used in this attack involved inserting rogue information into the bank’s webpages when they were downloaded, allowing confidential data to be stolen.
It said that according to the computer logs it had obtained, the sums stolen from each account appeared to range from 1,700 euros to 39,000 euros.
While the detected computer server has now been shut down, the firm warned that it believed the thieves could strike again, adding that it planned to search for evidence of the Luuuk campaign continuing.
“This looks to be very significant – it’s not so much the absolute amount reported to be stolen, but the speed at which it was taken out,” Alan Woodward, an independent security consultant, told the BBC.
“The way you have to get this money into the real world involves sending it to real accounts and getting ‘money mules’ to take it out, so would require significant organisation.”