[LINK] SMH: A Cluster of Separate Scams
Richard.Chirgwin at informa.com.au
Wed Apr 7 10:38:15 EST 2004
> [This article opens up a lot more questions than it answers ...]
Ask them! :-)
> Spam scam taps into bank accounts
> The Sydney Morning Herald
> Date: April 7 2004
> By Sue Lowe
> Internet bankers are being urged to check their account balances
> after a spate of scams and one of the first reports of a
> virus-infected computer being used to raid an account.
> Almost $10,000 was stolen from a small Sydney firm's account using
> password details believed to have been extracted from an infected
> home computer.
"Believed to be". OK: keystroke logging is feasible; but this disagrees with
> The ANZ bank was able to quickly track the thief as the funds were
> transferred to another ANZ account
So - the person who wrote the virus (eg keystroke logger) had the virus send
keystrokes back AND happened to have an ANZ account. Antennae are
>, but the money is still to be
"Recovery" should not delay a return of funds to the victim. The bank
indemnifies; it does not tell the user "wait until we get the money back."
So: is the bank being unreasonable, or does it doubt the facts it's been
> An ANZ spokeswoman, Kate Gore, said the matter was now in
> the hands of the Federal Police.
> Mr McCrindle later found that a home computer was infected with two
> viruses, spybot.worm and bkdr.irc.flood, both of which leave the
> computer vulnerable to malicious access.
My understanding [open to correction] of spybot is that you would have to be
the virus author to give it "send the keylog to X"-type instructions. I
can't find details about bkdr.irc.flood but will presume someone else can
[snips phishing description]
> If users access their account at that point the password details
> would be copied and forwarded by email to a site in Russia.
This is a non-sequitur to the attack which opened the report. In one, the
visitor is duped into giving password information to the wrong site; in the
opening of the story, we were talking about a trojan/keylogger attack.
Also - the Russian criminals have remotely opened an ANZ account to accept