German Police Arrest 10 International Phishing Suspects

An 18-month police investigation led to the arrests of an alleged group of Russian, Ukrainian, and German phishers who were spending their loot on luxury cars and jewelry.

Sharon Gaudin, Contributor

September 13, 2007

2 Min Read

German authorities this week arrested a group of 10 people accused of running a Trojan horse phishing attack that has been targeting users' bank accounts.

The group includes Russian, Ukrainian, and German suspects, according to a release issued by Germany's Federal Crime Office. An 18-month police investigation culminated in arrests on Tuesday in several German cities, including Dusseldorf, Cologne, and Frankfurt. Toralv Dirro, a researcher with McAfee's Avert Labs, wrote in a blog post that investigators seized "a number of computers" during the arrests.

The defendants allegedly bought jewelry, cars, and luxury holidays with the money they made off the scam.

The group is alleged to have targeted online banking users by sending them fraudulent e-mails claiming to come from Deutsche Telekom, eBay, Wal-Mart, Ikea, or the German television licensing organization. Researchers at security company Sophos noted that attachments to the e-mails contained various Trojan horses, such as Troj/Clagger-AZ and Troj/DwnLdr-FYH.

"The German authorities deserve credit for putting the resources into investigating the deluge of malicious e-mails that computer users in their country were receiving in these campaigns," said Graham Cluley, senior technology consultant for Sophos, in a written statement. "The financial rewards for cybercrime are significant, and we are seeing more organized gangs getting involved in this kind of crime all the time. Everyone who has a computer needs to learn how to properly defend themselves, or risk having their money and identity stolen."

Dirro said the downloader Trojan connected with this group is ranked first in the list of Top Corporate User Malware in Avert Labs' Threat Library. Dirro also noted that German investigators "a number of computers" during their searchers.

"For many months there have been several waves a week of phishing e-mails sent with new variants of this downloader, that when executed would install some keylogging Trojan," wrote Dirro. "The e-mails typically look like a receipt sent from some company with details supposedly found in the attached .zip. Some of these e-mails even claimed to have come from German law enforcement agencies..."

About the Author(s)

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights