German Police Arrest 10 International Phishing Suspects - InformationWeek
Software // Enterprise Applications
04:38 PM

German Police Arrest 10 International Phishing Suspects

An 18-month police investigation led to the arrests of an alleged group of Russian, Ukrainian, and German phishers who were spending their loot on luxury cars and jewelry.

German authorities this week arrested a group of 10 people accused of running a Trojan horse phishing attack that has been targeting users' bank accounts.

The group includes Russian, Ukrainian, and German suspects, according to a release issued by Germany's Federal Crime Office. An 18-month police investigation culminated in arrests on Tuesday in several German cities, including Dusseldorf, Cologne, and Frankfurt. Toralv Dirro, a researcher with McAfee's Avert Labs, wrote in a blog post that investigators seized "a number of computers" during the arrests.

The defendants allegedly bought jewelry, cars, and luxury holidays with the money they made off the scam.

The group is alleged to have targeted online banking users by sending them fraudulent e-mails claiming to come from Deutsche Telekom, eBay, Wal-Mart, Ikea, or the German television licensing organization. Researchers at security company Sophos noted that attachments to the e-mails contained various Trojan horses, such as Troj/Clagger-AZ and Troj/DwnLdr-FYH.

"The German authorities deserve credit for putting the resources into investigating the deluge of malicious e-mails that computer users in their country were receiving in these campaigns," said Graham Cluley, senior technology consultant for Sophos, in a written statement. "The financial rewards for cybercrime are significant, and we are seeing more organized gangs getting involved in this kind of crime all the time. Everyone who has a computer needs to learn how to properly defend themselves, or risk having their money and identity stolen."

Dirro said the downloader Trojan connected with this group is ranked first in the list of Top Corporate User Malware in Avert Labs' Threat Library. Dirro also noted that German investigators "a number of computers" during their searchers.

"For many months there have been several waves a week of phishing e-mails sent with new variants of this downloader, that when executed would install some keylogging Trojan," wrote Dirro. "The e-mails typically look like a receipt sent from some company with details supposedly found in the attached .zip. Some of these e-mails even claimed to have come from German law enforcement agencies..."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll