The FBI is warning the public about a growing trend in which cyber criminals use compromised online banking credentials of U.S. businesses to send unauthorized wire transfers to Chinese companies.
Between March 2010 and April 2011, the FBI identified 20 incidents in which the online banking credentials of small- to medium-sized U.S. businesses were compromised and used to initiate wire transfers to Chinese economic and trade companies near the Russian border.
In a typical scenario, the computer of a person who can initiate funds transfers on behalf of the U.S. business is compromised, either through a phishing email or when the user visits a malicious website. When the authorized user tries to log into the bank's website, he or she is typically redirected to another webpage that says the bank website is under maintenance or otherwise unavailable.
While the user is experiencing logon issues, the cyber crooks initiate the illegal transfers to commercial accounts held at intermediary banks typically located in New York. Money is then transferred to the Chinese bank accounts.
Although the type of malware has not been determined in every case, some of the cases have involved ZeuS, Backdoor.bot and Spybot. In addition, one victim reported that the hard drive of the compromised computer was erased remotely before the IT department could investigate.