July 27, 2009

Bank theft started with trojan virus

Federal investigators said malicious software worked its way from Bullitt County, Ky., email systems to a bank account to steal $415,989.

The heist of county funds occurred in late June, The Louisville, Ky., Courier-Journal reported Monday. But investigators say Ukrainian computer thieves have also used the trojan software ZeuS to infiltrate bank accounts in the Britain, Spain and Italy in thefts totaling $6 million.

Don Jackson, a director at SecureWorks, a computer security company, said the virus was one of the biggest malware threats we've seen.

Investigators still do not know where the Bullitt County money went, the newspaper said.

The county and its bank, First Federal Savings Bank in Elizabethtown, Ky., are now swapping blame for the computer breach.

County officials have initiated a lawsuit to force the bank to refund the missing money while bank President Greg Schreacke said the problem began with county's computers, not the bank's.

The software does not slow computers or prompt annoying pop-ups, giving users little indication that it may be in the system hunting for information.

It's looking over your shoulder when you're doing your banking, said Elizabeth Clarke at SecureWorks.

It usually grabs everything it needs to play you, she said.