Security firm Kaspersky Lab has announced that in January it found evidence of a server being used to coordinate an attack on a European bank that appeared to have stolen £400,000 in a week.
Kaspersky declined to identify the bank involved but said that it had alerted the authorities. However, the criminals didn’t leave anything to chance and deleted all evidence that could have been used to identify them.
Codenamed ‘Luuuk’, the attack is believed to have been a Trojan program that intercepted financial data and allowed fraudulent transactions to be made as soon as each victim logged into their online bank account. However, Kaspersky added that there are still gaps in the knowledge of the attack.
“On the command-and-control server we detected there was no information as to which specific malware program was used in this campaign,” said Vicente Diaz, principal security researcher at Kaspersky Lab.
“We believe the malware used in this campaign could be a Zeus flavour.”
Zeus is a type of Trojan that allows data to be stolen from computers running Windows.
It’s thought that Zeus was used in this attack to insert rogue information into the bank’s webpages when they were downloaded, allowing confidential data to be stolen.
The detected server has been shut down, but the bank has been warned that the thieves could strike again.