Sept. 30, 2010 -- Dozens of people in the U.S. and Britain have been charged in a worldwide cyberscam that used the powerful Zeus Trojan virus to crack open bank accounts and divert millions of dollars to Eastern Europe.
The US Attorney for the Southern District of New York and the Manhattan D.A. charged 37 people Thursday, most of them Russian nationals, with stealing more than $3 million from small business and government accounts in the U.S. Another 19 suspects were arrested in London, and 11 were charged in the theft of $9.5 million from British banks. Estimates of the total amount stolen in both countries will probably increase as the year-long investigation continues.
While 20 of the New York suspects are in custody, another 17 remain at large.
"This advanced cybercrime ring is a disturbing example of organized crime in the 21st century – high tech and widespread," said Manhattan District Attorney Cy Vance Jr. "The far-reaching results of this investigation to date represent what people deserve: successful cooperation between city, state, federal and foreign law enforcement officials."
"As today's arrests show," said US Attorney Preet Bharara, "the modern, high-tech bank heist does not require a gun, a mask, a note, or a getaway car. It requires only the Internet and ingenuity."
New York Police Department Commissioner Ray Kelly said that after detectives in the Bronx investigated the suspicious withdrawal of $44,000, "it soon became evident that it was just the tip of an international iceberg."
The Zeus malware, which has traditionally targeted PCs but has now been updated to attack cell phones as well, is designed to steal bank account log-on credentials. It either lures the victim to click on a link in an e-mail or steers the victim to a web site hosting the malware, and then records keystrokes when the victim logs into various private accounts.
The Eastern European crime ring that was cracked by US, British, and Eastern European authorities used the virus to target accounts where large withdrawals were not unusual. To avoid electronically shifting those funds directly to Russia, so-called "money mules" opened accounts to receive the funds. According to state and federal authorities, the mules had often entered the US under student visas, and then were provided with passports under fake names to open the accounts.
"Once these false-name accounts were successfully opened," said a statement from the US Attorney's office, "and received the stolen funds from the accounts compromised by the malware attacks, the 'mules' were instructed to transfer the proceeds to other accounts, most of which were overseas, or to withdraw the proceeds and transport them overseas as smuggled bulk cash."
Though at least two-thirds of the alleged "mules," managers and recruiters charged in New York were Russian, at least seven were Moldovan. The 37 face federal charges that include money laundering, forgery, conspiracy to commit bank fraud, conspiracy to use false identification and use of false passports.
Spread by phishing schemes and drive-by downloads, the Zeus Trojan virus has been around since at least 2007, and is consistently described as very difficult to detect even by sophisticated anti-virus software. As a result, millions of computers are believed to be infected.
Recently, internet security experts have said that a new version of the malware appears to be targeting mobile phones -- intercepting SMS confirmations sent by banks to customers and defeating the fund transfer authentication codes.