Gang Arrested For Stealing Millions Using ZeuS

Orome1 writes "Nineteen people were arrested yesterday in the UK and are suspected of being part of an Eastern European gang that used the ZeuS Trojan to steal online banking credentials from unsuspecting victims and siphon around £2 million per month to their accounts."

Re:

[Inda]

Is Taco still giving out badges for first posts?

Re:

[Gilmoure]

Badges?

Badges?

I don't have no badges.

I don't have to show you no steenking badges!

Re:FREE KEVIN

[mapkinase]

Usually "mob" refers to organizations with more diversified activities, traditionally including prostitusion, drugs, racketeering.

I do not see any reference in the OA to other criminal activities.

I would not even call it a "gang", which is now reserved to groups united not only by the trade, but also some ideological hocum on top of it.

It's just a small criminal organization, that's it.

Re:FREE KEVIN

[Narcocide]

It's just a small criminal organization, that's it.

I think the word you're looking for is "company."

Re:

[fiannaFailMan]

How is this funny? The word 'company' has almost 12 different definitions, and is a very broad word (see below). If you think it is funny because you are against private companies (in a corporation sense), your ignorance shines bright.

company [ kúmpnee ] (plural companies)
noun
Definition:
1. business business: a business enterprise

2. state of being together: the state of being with other people
He didn't feel at ease in company.

3. group: a gathering of people

4. companions: the people that somebody associates with

5. particular type of companion: somebody seen as providing a particular type of companionship
He can be very good company.

6. guest: a guest or visitor, especially for a meal or overnight stay
We're having company this weekend.

7. business business partners: the partners of a business enterprise whose names are not included in the firm's title

8. performing arts troupe: a group of performing artists such as actors

9. military group of troops: a unit of soldiers, usually consisting of two or more platoons

10. navy nautical ship's crew: the crew and officers of a ship

11. firefighters: a unit of firefighters

12. business history trade guild: a medieval trade guild
Stupid commies.

I think this [wikipedia.org] is what you're looking for.

Re:

[Tator Tot]

I think the word you're looking for is "company."

Small companies these days need all the help they can get.

Re:

[mcgrew]

Mob [merriam-webster.com]: 1 : a large or disorderly crowd; especially : one bent on riotous or destructive action
2 : the lower classes of a community : masses, rabble
3 chiefly Australian : a flock, drove, or herd of animals
4 : a criminal set : gang; especially often capitalized : mafia 1
5 chiefly British : a group of people : crowd

Gang [merriam-webster.com] a (1) : a set of articles : outfit
(2) : a combination of similar implements or devices arranged for convenience to act together
b : group: as
(1) : a group of persons working together
(2) : a grou

Re:

[mapkinase]

Thank you, I am aware of dictionary definitions. That is why I talked about "usual" definitions.

"regardless of how you "usually" see it."

I guess you are assuming that my perception of what "usual" is has nothing to do with what other people see as "usual".

Re:

[Anonymous Coward]

"regardless of how you "usually" see it."

In the quote above the word "usually" is the only word *not* in quotes.
The correct usage is:
"regardless of how you 'usually' see it."

Re:

[fiannaFailMan]

This is /.. You should be prepared to have nit-picking pedants picking apart the slightest potential alternative interpretation of your post even though the context makes it perfectly clear to anyone with half a brain.

Re:ITs a political show

[turtleshadow]

Its a political show.

It was a synchronized raid by e-crimes unit of the Yard + photojournalist

It has the standard political trial the bad guy in the press pictures
a) stackup of officers in body armor and battering ram -- check
b) photos of the "crime scene ala the laptop" -- Check -- nice Orthodox icons BTW
c) photos of the guilty being lead away in irons by the guard -- Check and Check

It makes no mention of where the money went but only that the active criminals are caught. Some things to think about

1) 2 M

Re:

[Abdul Jakul]

well they always have something to say about something... I was thinking they were using guns and get away vehicles with cool rims, wheels and tires [rimswheelsandtires.com]

why not

[rossdee]

Religions have been using to steal money from the believers for thousands of years, its about time the ancient Greeks had a go at it...

Re:

[mapkinase]

What does this have to do with the subject except that the name of the Trojan refers to a Greek "god"?

Re:

[Anonymous Coward]

Close but no cigar.

      Trojan refers to the citizens of the city of Troy, which is now known as Truva, Turkey. There is not a Greek god "Trojan" nor "Troy".

    They were contemporary to the great Greek empires, but as I recall they were not themselves Greek. Well, we know how wars and domination during the period went, any particular place in the area could be under a variety of empires, and likely change empires frequently.

Re:

[Anonymous Coward]

ZeuS, you dolt

Re:

[fiannaFailMan]

Close but no cigar.

Trojan refers to the citizens of the city of Troy, which is now known as Truva, Turkey. There is not a Greek god "Trojan" nor "Troy".

They were contemporary to the great Greek empires, but as I recall they were not themselves Greek. Well, we know how wars and domination during the period went, any particular place in the area could be under a variety of empires, and likely change empires frequently.

He was talking about Zeus. "No cigar" indeed!

What is it with /. this morning? Is it just me or is it full of pompous know-it-all assholes who are quick to shoot first and ask questions later at the slightest hint of an error in a post?

Re:

[Thanshin]

Whoever modded that down has no sense of humor or way too much religious sensibility.

Re:

[BillGod]

Glad it was you and not me. I was just getting ready to post almost the same thing. If I had mod points I would mod you up. I thought it very witty.

Shouldn't Software Houses Be Held Accountable?

[master_p]

I wonder how much more money should be stolen until Microsoft is held responsible for the non-security of Windows. I am not saying this for karma, I know that Microsoft Eulas say they are not responsible for anything, but I wonder for how long should that be acceptable, given the ubiquity of Windows.

If you think I am karma whoring, replace 'Microsoft' with anyone writing software running on millions of machines. Shouldn't software houses of that magnitude be held accountable for at least something like this

Re:Shouldn't Software Houses Be Held Accountable?

[Spad]

Why though? If Joe User is dumb enough to run "JustinBieberNaked.exe" as root/admin/whatever then no amount of OS security will prevent the machine from being compromised. The weakest point of any system is always between the keyboard and the chair.

Now if you're talking clear negligence in not fixing known issues, etc. then perhaps you have a case, but then why drawn the line at big companies, surely everyone should be equally liable even if they're a one-man operation working out of their bedroom?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Jurily]

You sound like a person blaming women being raped because she dresses sexy.

The people we're talking about are not just dressing sexy, they're walking in a prison, pulling their pants down and yelling "Come and get it, boys!".

Re:

[tecnico.hitos]

You sound like a person blaming women being raped because she dresses sexy.

The people we're talking about are not just dressing sexy, they're walking in a prison, pulling their pants down and yelling "Come and get it, boys!".

Actually, grandparent's analogy, compared to yours, seems more adequate.

While such people are endangering themselves by being ignorant, it is in no way their fault. Deciding what is safe or not to run is not exactly intuitive for someone with little knowledge on computers, yet if they don't explore and experiment by themselves, they are not likely to learn anything.

An user that runs "JustinBieberNaked.exe" as root simply knows no better. Ignorance is not a crime. Unauthorized access and theft, however, are

you have a point...

[KingAlanI]

in your commandline entries.
If Linux gets more popular, porn.wmv.exe is just going to become porn.ogg.rpm or something.

I don't think either of the sex analogies capture the "doing something stupid but don't know how stupid it is" essence.

Re:

[KingAlanI]

Then again, sex is known to interfere with rational decision-making, so maybe my last line doesn't entirely apply.

Re:

[Jackie_Chan_Fan]

Its not that people run JustinBiebernaked.exe... Its that they're downloading photoshop illegally :)

Re:

[djdevon3]

"The weakest point of any system is always between the keyboard and the chair."
On behalf of computer desks everywhere I take offense to that.

Re:

[boneclinkz]

Shouldn't software houses of that magnitude be held accountable for at least something like this?

Absolutely not.

Re:

[darpified]

Some accountability for their software, but this isn't the time or place for it. How many of these were cases of the user of the OS doing something stupid? At some point the user of the device needs to be held accountable for not properly patching/updating the device. If the software is something truly important, Space Shuttle O2 system, nuclear power plant, etc... Yes, they should be accountable for defects, but not because Facebook User #2,290,231 clicks on a malicious advertisement and gets malware in

Re:

[Narcocide]

Yes, despite an EULA that disavows them from any responsibility they actively market to the government, the military, and other purveyors of critical infrastructure and flat-out *lie* about its suitability for these purposes. This is criminal activity and should be addressed. At the very least there should be a warning label on the box - something like the government requires on other hazardous consumer goods like alcohol, tobacco, pesticides and household cleaners.

Re:

[Errol backfiring]

Should builders be accountable if your back door can be cracked with a simple crowbar? Breaking in is easier then keeping things or people out. In fact, it is so difficult to keep people out, that security is only added for "too easy" breaches. And then raised as necessary. And off course it must be used wisely. For a lot of vulnerabilities, you still have to invite the vampire in first.

Re:

[v1]

security is only added for "too easy" breaches. And then raised as necessary.

And windows of course doesn't NEED more security than say, it has NOW. (zeus botnet just isn't bigtime enough yet, costing consumers a paltry 2mil)

Re:

[markusre]

My heart tells me to bash MS, too.
But in this case..... heres my login message:

"Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law."

So in this case Debian(and i think this is true for most linux distributions) is similar to windows.
Please note that i refer to the notice, that it's not responsible and NOT to the actual amount of security issues.

Re:

[BrokenHalo]

Microsoft isn't quite so forthcoming in their licence agreements, but instead of just coming out and saying "no warranty", they hedge their terms in such a way as to mean the same thing and to require platoons of lawyers to break. Thing is, not one of any of the *nix OSs (including OS X) is vulnerable to this (or pretty nearly any other) exploit in the first place.

It doesn't work to claim that the unixy OSs don't get hit because they rely on security through obscurity. The simple fact is, they are more s

Re:

[Amorymeltzer]

It's an interesting thought, and not one I necessarily disagree with, but the inevitable analogies crop up:

- Should auto makers be accountable when people speed?
- Should gun makers be accountable for deaths caused by their products?
- Should websites be accountable for the content participating users share?

In my mind these are listed from most to least absurd, and the last is even relevant. We've got laws in place protecting websites (the whole boring Craigslist thing notwithstanding) and software isn't so

Re:

[Jeffrey_Walsh VA]

Not if Microsoft is doing their honest best to make their software secure, but someone finds a way to break in. However, what if it is discovered that Microsoft intentionally leaves vulnerabilities in their software - and perhaps even surreptitiously leaks the vulnerabilities over time? This would force users into applying updates that close the vulns, but may have ulterior purpose to Microsoft, such as degrading performance incrementally. Eventually this would force an upgrade (sooner that than otherwise

Re:

[couchslug]

That's a user issue.

If I choose to wear a gasoline-soaked jockstrap while toasting marshmallows, I should expect toasted yarbles as well.

Re:

[BrokenHalo]

TMI

Re:

[fiannaFailMan]

Goddamn you people are idiots !! There is no "eastern europe" !!

Who let Miss Teen South Carolina in here?

Primer on how to get caught.

[Freddybear]

Grabbed too much. Set off flags at the banks. Did the deed from a traceable location. And then kept on doing it until the cops showed up.

Re:

[grking]

Grabbing small amounts doesn't help you evade detection. Many people keep a close eye on their internet banking and notice pretty quickly if there's a transfer to another account which they didn't instigate. And that will have the victim on the phone to bank quicker than Zeus's thunderbolt.

Re:

[Freddybear]

Maybe so, but the big losses get escalated a lot faster. Two millions per month is going to set off all sorts of alarms.

Re:

[KingAlanI]

love the Office Space reference. However, it is a mundane detail, just with non-mundane implications.

Re:

[Mattpw]

Many ZeuS packages have an option to remove the outgoing transactions from the user's browser as part of the MITB package, this includes changing the balance total to before the outgoing transactions were made so the user wont know until a paper statement turns up if one ever does as many banks are ditching paper statements in favor of browser based ones. And since they are now using the same trojan tactics on users mobiles to defeat mobile sms authentication I am sure you will see a Zeus mobile trojan upg

But does it run on Linux??!

[mspohr]

As usual, no mention is made in the summary or the linked news item of the platform that runs this trojan. Most geeks will know but shouldn't the public be informed?

BTW, it's hard to hold Microsoft (or any software publisher) responsible for damages caused by these flaws even when grossly negligent. I think that the people who make the decision to run Windows should be accountable for their poor decision. I think most people know that Windows is full of holes for malware. It's negligent to run Windows

Zuse

[ciderVisor]

I thought this was going to be about some hardcore steampunk cyber-criminals, until I discovered it was spelt the wrong way [wikipedia.org].

ZeuS is now bypassing mobile SMS authentication

[Mattpw]

More interesting news this week is the gang behind ZeuS, as predicted, have successfully integrated man in the middle attacks against mobile phone two-factor authentication schemes. http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-i.html [s21sec.com]

Oblig.

[Bobb Sledd]

Opulence. I has it.

wonder which crew it was...

[hesaigo999ca]

I heard of the 409 crew, or the shadow crew, hope it is not either, as some of them guys were pretty cool hackers, more do sh*t then destroy sh*t, show proof of concept stuff, instead of formatting your drives....

O RLY?

[The Wild Norseman]

From TFA:

The 20-something mastermind behind the gang's operation has also been arrested in yesterday's raids...

Any "20-something" is hardly a mastermind of anything, except maybe WoW, and this proves it. At least the article didn't say the phrase "criminal mastermind." That would have royally cheesed me off and forced me to say even more derogatory things.