Estonia Nets A Big Phish
The Register, quoting AP, says that an Estonian man suspected of plundering millions from hundreds of online bank accounts accounts across Europe was arrested last week. AP reports that the unnamed 24 year-old allegedly used a sophisticated Trojan in order to monitor the keystrokes on victims’ PCs and extract confidential banking passwords that allowed him to plunder online accounts.
The unnamed Trojan was bulk mailed to prospective victims in emails that promised lucrative job offers from government institutions, banks and investment firms. In reality it linked to a web page hosting malicious code.
Jaan Priisalu, an IT risk manager at Hansabank, told AP the Trojan used in scam was the most sophisticated he had ever seen. For a long time, AP says, it evaded anti-virus protection software and it erased all traces of itself from hard drives after it had exhausted its usefulness.
Which of course, begs the question: How many other trojans are out there evading our defences? And does evading anti-virus software mean the trojan was never identified and added to anti-virus libraries, or does it mean it was added but not caught by the software? Either way, it’s worrying.