New Malware Takes Hacking to a Whole New Level

Dennis Faas's picture

New malware being used by cyber criminals takes hacking to a whole new level: it hides evidence of a fraud victim's dwindling bank balance by rewriting online bank statements on-the-fly.

The hack employs a Trojan horse program installed on a victim's machine that alters HTML (hyper text markup language) coding before it's displayed in a user's web browser. The altered HTML code either erases evidence of a money transfer transaction entirely from a bank statement, or it alters the total amount of money balances and transfers.

The hack buys cyber criminals more time before a victim finds out he or she has been a victim of fraud. However, the hack won't work if the victim is using an uninfected machine to check their bank balance.

URLZone Hack Used in Germany

In August, this hacking technique was used to target customers of leading German banks. According to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan, 300,000 Euros were stolen in just three weeks. (Source:

Ben-Itzhak acknowledges that the hack is a very sophisticated technique. Information has been published in a cybercrime intelligence report (PDF) written by Finjan's Malicious Code Research Center.

The Trojan, known as URLZone, infects a victims' computer after he or she has visited a compromised legitimate web sites or rogue sites that have been set up by the hackers.

Money Mules Used to Launder Money

Once a user's machine has been compromised, the malware grabs the consumer's log-in information and contacts a control center for further instructions. The control center then tells the Trojan how much money to transfer and where to send it. Random amounts are withdrawn to avoid tipping off a bank's automated anti-fraud detector and to make sure the withdrawal doesn't exceed a victim's bank balance.

Work-At-Home Scams Used as Mule Bait

Money is transferred to legitimate accounts of unsuspecting money mules recruited online for work-at-home jobs. The mules are unaware that the cash flowing through their account is being laundered; the money is then transferred another account the cyber criminal has chosen.

The cyber gang that Finjan tracked only used each money mule twice to avoid a pattern of fraud detection.

The Trojan is then instructed to modify and change the statement the victim sees the next time the victim logs into their online bank account. Most of the victims affected by the Trojan were using Internet Explorer, but other browsers are vulnerable too.

Finjan estimates that a gang using the scheme unimpeded could rake in about $7.3 million annually. So far, the hacks have only affected German banks, but Finjan believes the hack will also affect other countries. (Source:

Visit Bill's Links and More for more great tips, just like this one!

Rate this article: 
No votes yet