Gang Arrested For Stealing Millions Using ZeuS

Orome1 writes "Nineteen people were arrested yesterday in the UK and are suspected of being part of an Eastern European gang that used the ZeuS Trojan to steal online banking credentials from unsuspecting victims and siphon around £2 million per month to their accounts."

Re:why not

Close but no cigar.

      Trojan refers to the citizens of the city of Troy, which is now known as Truva, Turkey. There is not a Greek god "Trojan" nor "Troy".

    They were contemporary to the great Greek empires, but as I recall they were not themselves Greek. Well, we know how wars and domination during the period went, any particular place in the area could be under a variety of empires, and likely change empires frequently.

Re:Shouldn't Software Houses Be Held Accountable?

[markusre]

My heart tells me to bash MS, too.
But in this case..... heres my login message:

"Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law."

So in this case Debian(and i think this is true for most linux distributions) is similar to windows.
Please note that i refer to the notice, that it's not responsible and NOT to the actual amount of security issues.

Primer on how to get caught.

[Freddybear]

Grabbed too much. Set off flags at the banks. Did the deed from a traceable location. And then kept on doing it until the cops showed up.

Re:Primer on how to get caught.

[Mattpw]

Many ZeuS packages have an option to remove the outgoing transactions from the user's browser as part of the MITB package, this includes changing the balance total to before the outgoing transactions were made so the user wont know until a paper statement turns up if one ever does as many banks are ditching paper statements in favor of browser based ones. And since they are now using the same trojan tactics on users mobiles to defeat mobile sms authentication I am sure you will see a Zeus mobile trojan upgrade to divert any calls made to the banks hotline number to an even more "helpful" team who will probably need even more user information "to get to the bottom of this please give us your..." /s

ZeuS is now bypassing mobile SMS authentication

[Mattpw]

More interesting news this week is the gang behind ZeuS, as predicted, have successfully integrated man in the middle attacks against mobile phone two-factor authentication schemes. http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-i.html

Re:ITs a political show

[turtleshadow]

Its a political show.

It was a synchronized raid by e-crimes unit of the Yard + photojournalist

It has the standard political trial the bad guy in the press pictures
a) stackup of officers in body armor and battering ram -- check
b) photos of the "crime scene ala the laptop" -- Check -- nice Orthodox icons BTW
c) photos of the guilty being lead away in irons by the guard -- Check and Check

It makes no mention of where the money went but only that the active criminals are caught. Some things to think about

1) 2 M &#163 divided by 19 conspirators (unlikely if equally) is still four times the average wage in Britain and just over the top salary of an defective for the yard after 10 years.

2) It doesn't mention what means the yard used. I mean the interception, the wire tapping and other means to know when the transaction was to occur-- to put doubt into the criminal mind?
did the yard keylogger the keyloggers?
did the yard just pay off for a tip?
The yard could hide their means with the need for state secrecy unlike US courts --- until recently.
Still want to take your mobile and net book on your holiday to London?

3) I doubt they got Keyser Söze