Researchers from Kaspersky Lab say they have uncovered evidence of a targeted attack on customers of a large European bank in which more than half a million euros were siphoned from accounts over a one-week period.
The campaign was first detected in late January with the discovery of a C&C server whose control panel showed indications that a Trojan was being used to pilfer the funds. Analysis of the server’s own logs confirmed the heist.
“Soon after we detected this C&C server, we contacted the bank’s security service and the law enforcement agencies, and submitted all our evidence to them,” said Vicente Diaz, Principal Security Researcher at Kaspersky Lab.
“On the C&C server we detected there was no information as to which specific malware program was used in this campaign. However, many existing Zeus variations (Citadel, SpyEye, IceIX, etc.) have that necessary capability. We believe the malware used in this campaign could be a Zeus flavor using sophisticated web injects on the victims,” Diaz said.
The campaign is believed to have started around January 13th of this year. Just two days after the researchers detected the C&C server, the operators had already wiped evidence that may have been critical in tracking them. The team believes this does not indicate the end of the campaign.
“The C&C server related to The Luuuk was shut down shortly after the investigation started. However, the complexity level of the MITB operation suggests that the attackers will continue to look for new victims of this campaign. Kaspersky Lab’s experts are engaged in an ongoing investigation into The Luuuk’s activities,” the researchers said.