KOMPAS.com - Cyber criminals have raided the accounts of thousands of British internet bank customers in one of the most sophisticated attacks of its kind.
The fraudsters used a malicious computer programme that hides on home computers to steal confidential passwords and account details from at least 3,000 people.
The internet security experts M86, who uncovered the scam, estimate that at least £675,000 has been illegally transferred from the UK in the last month - and that the attacks are still continuing.
All the victims were customers with the same unnamed online bank, the company said. Last night online banking customers were urged to make sure their anti-virus software was up to date - and to check for any missing sums from their accounts.
The attack has been traced to a 'control and command' centre in Eastern Europe. However, the nationality of the cybercriminals is unknown. The attacks were carried out when hundreds of thousands of home computers were infected with a type of harmful computer code called a Trojan.
Trojans hide in websites, emails or downloads. Once installed on a computer they can record every type of the keyboard, steal confidential information or even open up a PC's security so that it can be controlled remotely from another country.
The latest attack involved a Trojan called Zeus v3 which hides inside adverts on legitimate websites. Once installed on a home computer, the programme waits until the user visits their online bank and then secretly records their account details and passwords - using the information to transfer between £1,000 and £5,000 to other bank accounts.
The attacks began on July 5 and are still progressing, according to Ed Rowley, product manager at M86.
'In the vast majority of cases, if people had kept their computer's operating systems and software such as Internet Explorer up to date they would not have been attacked,' he said.
'More often than not Trojans exploit known vulnerabilities that can be simply patched and fixed by downloading updates.'
McAfee, the security software maker, said production of software code known as malware, which can harm computers and steal user passwords, reached a new high in the first six months of 2010.
It said total malware production continued to soar and 10 million new pieces of malicious code were catalogued.
It also warned users of Apple's Mac computers, considered relatively safe from virus attacks, that they may also be subjected to malware attacks in the future.
'For a variety of reasons, malware has rarely been a problem for Mac users. But those days might end soon,' a spokesman said.
'Our latest threat report depicts that malware has been on a steady incline in the first half of 2010,' Mike Gallagher, chief technology officer of Global Threat Intelligence for McAfee, said in the report that was obtained by Reuters.
The internet security company has passed on details of the attacks to the UK Police Central E-Crime Unit in London.
Britain's high street banks declined to comment on the attacks, but urged customers to protect themselves from virus attacks.
A spokesman for HSBC said: 'There are millions of viruses and other malicious software.
'We urge people to take basic measure to protect themselves from virus attacks.
'Any customer who is a victim of fraud will be reimbursed by HSBC.'
Last year £59.7 million was stolen in online banking fraud, while another £440 million was lost to credit card fraud.
A Financial Fraud Action UK spokeswoman said: ‘The idea that criminals are targeting people by using malicious software or Trojans is nothing new.
‘Bank systems are hard to attack so they’re having to go through the easier link in the chain, which is the customers.
‘They’re hoping customers aren’t taking security precautions. We’ve been seeing this for the last few years and we’re constantly urging people to protect their computers to try to mitigate the risk of becoming a victim.”
Online banking customers can take measures to protect themselves by keeping their anti-virus software up to date and keeping their firewalls set to the highest level, she added.
Victims of online banking fraud usually get their money back. Earlier this month, an internet security company Trusteer, warned that 100,000 British computers were infected with an earlier version of Zeus.