US internet bank heist is real threat, says McAfee

Posted by Emma Woollacott

Project Blitzkrieg - a hacking attack against US bank customers threatened for early next year - is a genuine danger, according to security researchers at McAfee.

The initiative was announced in September by someone using the nickname 'vorVzakone' on a Russian language forum. The plan was to team up with other cybercriminals to carry out a 'heist' and split the proceeds.

The group says it'll target the customers of 30 banks using a Trojan program called Gozi Prinimalka.

"VorVzakone’s claim was met with skepticism from Russian Underweb forums as well as from others in the research community," says McAfee threat researcher Ryan Sherstobitoff.

But, he adds: "If the aims of Project Blitzkrieg, as vorVzakone has claimed, become fully realized by spring 2013, the financial industry needs to be fully prepared."

According to McAfee, an active Gozi Prinimalka campaign was discovered several weeks after VorVzakone’s initial forum posting, and has infected more than 80 victims across the United States. This, says Sherstobitoff, gives credence to the claim that other cybercriminals have signed up for a piece of the action.

McAfee's also discovered a pilot campaign, he says, that operated from March to late April this year.

Gozi Prinimalka can detect when infected machines access banking websites, and steal login data. Once it's identified accounts with high balances, it initiates wire transfers to extract the money.

"Although Project Blitzkrieg hasn't yet infected thousands of victims and we cannot directly confirm any cases of fraud, the attackers have managed to run an operation undetected for several months while infecting a few hundred," warns the report.

"That subsequent campaigns using Prinimalka have popped up after the initialforum posting, though connecting to different infrastructure, suggests that other groups have bought into VorVzakone’s offer."