USA charges 60 people as part of international ZBot investigation

Filed Under: Law & order, Malware

Zeus
The US Department of Justice has charged more than 60 people in connection with a criminal scheme involving the ZBot Trojan horse.

ZBot, also known as Zeus, is a family of malware that can hijack your computer, making it part of a criminal botnet. Over the past few years cybercriminals have used different versions of ZBot to steal money from online bank accounts, login details for social networking sites and email/FTP information.

It's not uncommon for "money mules" to be used to transfer money from accounts, once they have been compromised through use of malware.

Details of the precise charges are expected to be released by the US Attorney and Manhattan District attorney at 1 pm EST today.

According to media reports, the action is related to the arrest of 19 people in London which occurred earlier this week.

New Scotland Yard has annnounced that 11 people have been charged in relation to the UK arrests. All eleven live in Essex, although they originally hail from the Ukraine, Belarus, Latvia, Estonia and Georgia.

They face charges of conspiracy to defraud, money laundering and passport offences, and were scheduled to appear in Westminster Magistrate's court today.

Reading between the lines, it's possible that the authorities believe that those arrested in the UK are ringleaders of the gang, and the US arrests are mostly the "money mules" who were used to actually convert stolen details into cash.

Using "money mules" who are in the same country as the victims of identity theft is a way to reduce the chances of the banks' internal fraud detection mechanisms from firing. If a US citizen suddenly withdraws money from an ATM in Latvia the bank will get suspicious but if they withdraw from an ATM in New York it will raise fewer questions.

It's good to see the US and UK authorities working closely to fight the growing problem of cybercrime. Those involved in the internet's criminal underworld may be becoming more organised and international in nature, but they are in danger of learning the hard way that the good guys are also co-operating more closely than ever before.

But anyone who believes that this is the end of criminal gangs using ZBot to infect computers to steal money is sadly mistaken. The kit is still available for download from underground websites by anyone with an interest in cybercrime.

* Image source: Ocularinvasion's Flickr photostream (Creative Commons)

, , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.