Thousands of British online banking customers have fallen victim to a sophisticated attack by cyber criminals who have stolen thousands of pounds from their accounts. About 3,000 online banking customers have been victims of a computer virus attack that empties their accounts while showing them fake statements so the scam goes undetected. Experts have described the attack using a ‘trojan’ virus as the most sophisticated and dangerous malware program ever created.
The cyber criminals stole an estimated £675,000 between July 5 and August 4 and the attack is still progressing, experts warn.
Out of action: The new trojan virus can empty bank accounts without their owners knowing about the theft as it shows them fake statements
The latest virus is a variant of the Zeus trojan banking virus which first emerged three years ago and is called Zeus v3.
M86 Security said: ‘We’ve never seen such a sophisticated and dangerous threat. Always check your balance and have a good idea of what it is.’
The scam was discovered after M86 gained access to the command-and-control server in Eastern Europe running the thefts.
It collects data such as passwords and even transfers money out of accounts automatically, but only after checking if there is at least £800 available.
Bradley Anstis, M86 vice-president of technology strategy, said: ‘This is an extremely sophisticated version of the virus and it cannot be detected by traditional security software.’
The company said it was the most-sophisticated and dangerous virus yet seen and advised online banking users to check their balances regularly and have a good idea of what it should be.
British high street banks do not believe they have become victims of the cyber criminals.
A spokesman for HSBC said: ‘There are millions of viruses and other malicious software.
‘We urge people to take basic measure to protect themselves from virus attacks.
‘Any customer who is a victim of fraud will be reimbursed by HSBC.’
However, M86 said it believed one high street bank was breached and failed to act quickly after warnings last month.
More than 100,000 PCs in Britain have been infected with other forms of the trojan virus.
McAfee Inc, the security software maker, said production of software code known as malware, which can harm computers and steal user passwords, reached a new high in the first six months of 2010.
McAfee said total malware production continued to soar and 10 million new pieces of malicious code were catalogued.
It also warned users of Apple’s Mac computers, considered relatively safe from virus attacks, that they may also be subjected to malware attacks in the future.
‘For a variety of reasons, malware has rarely been a problem for Mac users. But those days might end soon,’ a spokesman said.
‘Our latest threat report depicts that malware has been on a steady incline in the first half of 2010,’ Mike Gallagher, chief technology officer of Global Threat Intelligence for McAfee, said in the report that was obtained by Reuters.
Last year £59.7million was lost to online banking fraud, according to Financial Fraud Action UK.
Another £440million was lost to credit card fraud.
And the problem is said to be on the rise, with criminals attacking banks’ customers rather than the banks themselves as they are seen as softer targets.
A Financial Fraud Action UK spokeswoman said: ‘The idea that criminals are targeting people by using malicious software or Trojans is nothing new.
‘Bank systems are hard to attack so they’re having to go through the easier link in the chain, which is the customers.
‘They’re hoping customers aren’t taking security precautions. We’ve been seeing this for the last few years and we’re constantly urging people to protect their computers to try to mitigate the risk of becoming a victim.
If you think your machine has already been infected, contact your bank immediately. If the bank thinks you are a genuine victim of fraud it will reimburse you.