A report in the London Telegraph says computer users unknowingly downloaded the malicious program when they opened an email attachment. The newspaper quotes sources at M86, the British agency that uncovered the scam, as saying all the victims so far were customers of the same bank. The agency says the attacks are continuing.
Trojan viruses can affect computers running the Windows operating system. They lurk in emails and even on websites.
Also called "key loggers," these programs, once installed on a computer, record every keystroke the user makes. That information can be retrieved remotely, giving the hacker access to the victim's user names and passwords.
In the British case, the attacker then used the information to log into the victims' online bank accounts and take all their money.
On the trail
So far British authorities have not identified the particular Trojan being used in this attack, but computer security firm Sophos, in its latest security alert, is warning consumers about Mal/EncPk-QY, a malicious downloader that is capable of carrying out the current attack on bank accounts. Sophos said it saw Mal/EncPk-QY in almost 44 percent of email attachments in a variety of recent spam campaigns.
Sample subjects of spam campaigns seen distributing the attachment:
Your Facebook password is changed
Review your annual Social Security statement
DHL Tracking number 397176595115
From
Some attachment names include:
Facebook_Passw_31.07.2010.zip
statement.zip
viewer.zip
document.zip
The file extracted from the zip file is an executable. When run, the executable contacts a server to deliver information about the target machine, including the hostname, and to download yet another executable.
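Because the payload arrives as an executable inside a zip attachment, a mail filter can inspect the archive before it reaches the user. The following is an added example, not code from the article or from Sophos; the member names, the extension list and the sample archives are constructed assumptions, and it handles unencrypted archives only.

```python
import io
import zipfile

# Extensions Windows will run directly when double-clicked (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}


def find_executables(zip_bytes):
    """Return sorted names of archive members that look like Windows executables.

    A member is flagged if its name ends in an executable extension or if its
    first two bytes are the DOS/PE magic "MZ", which catches renamed files.
    """
    flagged = set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            if any(name.endswith(ext) for ext in EXECUTABLE_EXTS):
                flagged.add(info.filename)
                continue
            # Read only the header; the member is never extracted to disk.
            with archive.open(info) as member:
                if member.read(2) == b"MZ":
                    flagged.add(info.filename)
    return sorted(flagged)


def build_sample_zip(members):
    """Build an in-memory zip from {name: bytes}; constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed samples: harmless placeholder bytes, not real malware.
SUSPICIOUS = build_sample_zip({
    "statement.exe": b"MZ" + b"\x00" * 62,
    "statement.pdf": b"MZ" + b"\x00" * 62,  # executable header, document name
})
BENIGN = build_sample_zip({"notes.txt": b"quarterly figures attached"})

if __name__ == "__main__":
    print(find_executables(SUSPICIOUS))
    print(find_executables(BENIGN))
```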
Security experts say consumers running Windows can protect themselves by keeping their operating systems, browser, and security software up to date. Most Trojans exploit known vulnerabilities in Windows programs for which patches currently exist.