
UK Financial Institution loses 675K in 30 days

M86 Security have published a (13-page) white paper on a recent online banking attack which resulted in £675,000 being stolen from approx 3,000 customer accounts at an (unnamed) UK Financial Institution in the 30 day period from 5th July.

Multiple techniques were used to spread malicious code, including infecting legitimate websites with malware and creating fraudulent online advertisement websites.

The cybercriminals used well-known Exploit Kits, which can be purchased for a few hundred dollars and are notorious for efficiently exploiting victims’ browsers to install Trojans onto their PCs.

Once the Zeus v3 Trojan was successfully installed on victims’ PCs and after the victims logged into their online bank accounts, the Trojan transferred various pieces of data to the cybercriminals’ Control system. After analysing the data, the Trojan Control system determined whether the user had enough money in the account, selected the most appropriate accomplice account to receive the money, wrapped all the data, and sent it back to the Trojan installed on the victim’s machine. This was then used to initiate the money transfer from their accounts.

However blasé or relaxed you are about online banking, there is no excuse not to monitor your bank account, particularly if you’ve switched off getting paper statements, to ensure no rogue transactions have occurred. In this example, each customer lost an average of £200 – there are no details as to whether people were hit with a single one-off transaction, or whether there were smaller amounts of say £50 on a weekly basis. They might not necessarily have been sent to the same accomplice in each instance.



Comments: (3)

John Dring - Intel Network Services - Swindon 03 September, 2010, 12:53

Just a comment on this one, and a pet peeve. It doesn't help when merchants register POS transactions from obscure head offices or with disconnected parent company names.

For example, paying £75 for petrol (yes, £75!) on the motorway somewhere up north, comes up as a transaction from a different company name down south.  It makes it pretty difficult to recall what that transaction was and whether it is valid.

Cheque payments are worse - obviously they are just a cheque number and value, but at least they can be checked in the cheque book.

Online payments are the best, because they include my own entered reference text.

Direct debits are sometimes confusing too.

Keith Appleyard - available for hire - Bromley 03 September, 2010, 13:55

I agree, I can remember years ago being very confused when presented with "UB Dartford" - I'd never been to Dartford - turned out it was United Biscuits (HQ in Dartford) central bank a/c - pertaining to their subsidiary "Pizza Hut".

British Airways is another one - a central bank a/c at Harmondsworth (Heathrow) irrespective of which Airport in the world you actually bought the ticket. Other multinationals like Hertz (Tulsa Oklahoma) are the same.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 06 September, 2010, 06:42

With their realtime, bite-sized, anywhere-access features, I personally find SMS alerts to be most effective in keeping a track of transactions in my bank accounts. To avoid drowning under too many SMS messages, I find the ability to set a threshold useful, so that only transactions exceeding that figure will trigger an alert.



Keith Appleyard


IT Consultant

This post is from a series of posts in the group:


A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.
