Case Study: ZeuS & Money Mule Ring

This story relates to the activities of a criminal gang who were convicted of laundering millions of dollars using the ZeuS banking Trojan. The following extract is taken from the website krebsonsecurity.com. The case study demonstrates the nature of organized criminal gangs and their capacity to undertake thefts of enormous value.

As krebsonsecurity.com explains:

“ZeuS is a commercial crimeware kit sold for a few thousand dollars per copy in underground online forums. It is primarily designed to steal sensitive financial data stored on victim computers or transmitted through victim Web browsers. ZeuS’s most advanced features allow criminals to inject content into a bank’s Web page as it is displayed in the victim’s browser in real time, take screen shots from infected PCs, and quietly redirect victims from banking Web sites to counterfeit versions set up by the attackers. ZeuS is set up so that stolen data is sent to a “drop server” controlled by the attacker, and it allows miscreants to control the infected systems remotely.

Currently, there are at least 160 unique ZeuS control networks online worldwide, according to Zeus Tracker, a site that keeps tabs on the number and geographic distribution of unique ZeuS botnets.

Andy Fried, owner of Deteque, a computer security consultancy in Alexandria, Va., has been tracking ZeuS related activity and spam for many months. Fried said that while rounding up those who are buying and deploying ZeuS botnets is important, going after the money mule infrastructure is the best way to ensure that the stolen data can’t be used.

“These ZeuS operations are a pipeline, and the money mules are a very important part of that,” Fried said. “[Online banking] credentials have intrinsic value, but it’s not until you’re able to utilize that information — and that’s where the money mules come in — that those credentials have real value. That’s why choking off the money mule network will probably have the best short-term detrimental effect against ZeuS.””

Returning to the case study, krebsonsecurity.com initially reported on the arrest of the individuals and the suspicions surrounding their activities. The following extract details how those arrests subsequently ended in convictions for all 13 defendants involved in the cybercrime ring.

“Authorities in the United Kingdom have convicted the 13th and final defendant from a group arrested last year and accused of running an international cybercrime syndicate that laundered millions of dollars stolen from consumers and businesses with the help of the ZeuS banking Trojan. The news comes days after U.S. authorities announced the guilty plea of the 27th and final individual arrested last year in New York in a related international money-laundering scheme.

According to the Metropolitan Police, the U.K. courts have convicted 13 members of the gang, including four who were profiled last year by KrebsOnSecurity shortly after their initial arrest and charging. The gang is thought to have used the ZeuS Trojan to steal nearly £3 million (USD $4.6M) from banks in the U.K. They are believed to be responsible for aiding in the theft of at least USD $3 million from U.S. banks and businesses in the past two years.

Yevhen Kulibaba

Karina Kostromina

Yuriy Konovalenko

News of the convictions in the United Kingdom comes days after authorities in the United States announced the guilty plea of the 27th and final individual arrested last year in New York as part of a major law enforcement sweep against Russian and Eastern European exchange students-turned-money mules. U.S. prosecutors have charged a total of 37 Russian and Eastern European students in connection with last year’s law enforcement sweep. According to the FBI, two defendants have entered into deferred prosecution agreements, and eight defendants are fugitives and are being sought in the United States and abroad.

It should be noted that these individuals were only a small part of a much larger fraud ring. According to sources close to the investigation, the true masterminds of these ZeuS-powered bank heists reside in Donetsk, Ukraine, and have yet to be charged with any crime. Authorities in Ukraine this time last year detained five individuals identified by the FBI and other national law enforcement authorities as the “coders and exploiters” in the fraud operation, but the men were released and have not been charged with a crime.”
