The alleged attacks saw funds transferred from the accounts of small businesses to unknown recipients in China. The criminals tried to send $20m - that the FBI knows of - to accounts near the Chinese-Russian border, with some $11m of the funds making it through the stop-checks in the international banking system.
“Between March 2010 and April 2011, the FBI identified incidents in which the online banking credentials of small-to-medium sized businesses were compromised and used to initiate wire transfers to Chinese economic and trade companies,” the FBI said in a warning.
“In a typical scenario, the computer of a person within a company who can initiate funds transfers on behalf of the business is compromised by either a phishing email or by visiting a malicious website. The malware harvests the user’s corporate online banking credentials.”
According to the officials, when a compromised user tried to log on to the banking site, they were stalled with a phoney log-in page that said the accounts were unavailable, while the crooks accessed the account and transferred money to intermediary banks.
The funds were then shifted again to legitimate company accounts in China, although the FBI said it was unclear what happened to the money once it arrived.
“It is unknown who is behind these unauthorised transfers, if the Chinese accounts were the final transfer destination or if the funds were transferred elsewhere, or why the legitimate companies received the unauthorised funds,” the FBI said.
The money transfers ranged from $50,000 to $985,000 and company accounts were accessed using a number of malware tools, including ZeuS, Backdoor.bot, and Spybot.
This article originally appeared at pcpro.co.uk