A gang that used a computer trojan to break into online banking accounts and steal money was dismantled by the Finnish police who arrested seventeen suspects.According to Mikko Hypponen, chief research officer at Finnish antivirus vendor F-Secure, the attacks occurred in early 2010 and targeted customers of Nordea Finland.
The gang used a variant of the Gozi trojan, also known as Papras, to steal online banking credentials from 89 of the bank's customers.
The information was used to initiate over 100 fraudulent transactions valued at €1.2 million. The bank managed to recover most of the money, with the exception of around €178,000.
Two Estonians who are in custody are believed to have masterminded the whole operation and were charged with aggravated fraud.
The rest of the suspects are Finnish and are accused of money laundering after playing money mule roles. They have been released on bail.
"Police has finished the investigation now. We are not aware of similar attacks at the moment," F-Secure's Mikko Hypponen noted.
The attacks were very similar to those commonly seen in the United States and UK. A piece of malware infected computers used for online banking and stole credentials which were then used to fraudulently send money to local accomplices.
Money mules are used to avoid international transfers, which are more heavily scrutinized than local ones, especially if the account owners have never engaged in such transactions.
The money mules usually Keep a part of the sum as commission and wire the rest via Western Union or other less traceable services.
Back in September, US authorities have charged 37 people suspected of assisting overseas ZeuS fraudsters to move money out the country.
In order to counter such attacks, banks, especially those in Europe, have implemented two-factor authentication systems that require authorizing transactions with unique codes sent or generated on their mobile phones.