UnNews:Hackers nab €800,000 from Nordea Bank
20 January 2007
STOCKHOLM, Sweden, Friday (UNN) — Russian hackers have accepted €800,000 in donations from customers of Nordea, Sweden's largest bank, after a sophisticated "phishing" campaign recruited customers into downloading a Trojan horse program that recorded their account login details.
The Russians had looked up the definition of "hacker" in the Jargon File and been inspired to leverage the creative power of open source Free Software. The first campaign took place in August 2006 and was detected a month later, having affected around 250 Nordea customers.
The emails claimed to be from the Nordea Open Trojan Foundation, telling recipients to install an anti-spam and donation tool. Their computers were then infected by the Trojan HaxDoor.RMS.w32, which installs itself in C:\WINDOWS\SYSTEM32 and sends your passwords to its creators, but only after you have read through and accepted the GNU General Public License and checked the README file for known problems. The email also included full source code.
Swedish police traced the attacks to Russia by looking at the contact details, including address and phone number, given in the README. They have filed over 100 bugs on the creators' SourceForge project and joined the mailing lists on the grass-roots marketing and publicity site SpreadHaxDoor.com.
A Nordea spokesman said the attacks have "quietened down" after the initial influx last autumn. "We are constantly looking at the security of our online banking and many different measures are taken. We are updating our systems behind the scenes. Many already run on enterprise Linux distributions, but we will be moving desktops to Linux as well for more efficient funds transfer with less reverse engineering required, and may recommend that our customers do the same."
The Trojan only affects computers running Windows. "For unsupported platforms, we have an 'honor system' which gives our details so you can send some money in," said a spokesman for the hacker group. "We hope this will help and encourage contributors interested in porting the Trojan to other operating environments."