Swedish Bank Taken for Over $1 Million by Cyber Crooks

Customers were duped by a phishing scam coupled with a version of the Haxdoor Trojan installed on their computers.

Thomas Claburn, Editor at Large, Enterprise Mobility

January 24, 2007


Cyber crime apparently pays quite well. Swedish bank Nordea has acknowledged that about 250 of its online banking customers have been robbed of about 8 million Swedish kronor -- roughly $1.14 million -- as a result of a targeted phishing campaign.

The attack took place over the past 15 months, according to Boo Ehlin, a spokesman for the bank. Swedish trade publication Computer Sweden reported that 121 people may have been involved in carrying out the attack, but Ehlin could not confirm that figure. The article identified Russian cyber thieves as being behind the attack.

The phishing e-mail was designed specifically to fool Nordea's online banking customers into downloading what was supposed to be an anti-spam application, according to computer security company McAfee. Those duped ended up with a version of the Haxdoor Trojan on their computers. The malware redirected them to a phony login page that captured their online banking user names and passwords.

"These types of Trojans are quite sophisticated," said David Marcus, security research and communications manager at McAfee Avert Labs. "It's not just something that's sitting in the background capturing screenshots. ...[T]hey're actually designed to wait for you to go to a specific financial institution, so they're not capturing everything."

"What they then do is redirect you to the fake Web site, which looks just like the real thing, and present you with what looks like a real login screen," explained Marcus. "There goes your account login, PIN, and money."

"The interesting thing is the bank actually did nothing wrong in this instance," said Marcus. "And this type of Trojan is something we run into a lot out in the wild. It's one of the largest classes of malware out there. So this attack is really nothing new. This particular one just happened to be a bit more successful than some of the ones we had seen."

Indeed, Nordea was hit with a similar attack in August 2005. The bank says it has almost 10 million customers, 4.6 million of whom bank online, in the Nordic and Baltic regions.

"We have reimbursed all the customers, so they will not take any loss," said Ehlin, who explained that the affected customers had outdated antivirus software or none at all. He said Nordea intended to make free antivirus software available to customers that don't have it already.

"It never ceases to amaze me that people will do online banking, exposing huge amounts of financial information, and not take basic precautions," said Marcus. "I was born in a really bad neighborhood and you're just taught to take certain precautions, like not walk down dark streets at night. And the Internet has to be approached the same way."
