FYI...

"High Roller" trojan targets SEPA transactions - Single Euro Payments Area
- http://h-online.com/-1754446
21 Nov 2012 - "Cyber-criminals are targeting the European SEPA payments network, according to a report* from security specialist McAfee. Within the EU, SEPA transactions are uncomplicated because they make no distinction between domestic and cross-border transactions. In this case, that also benefits the online crooks who usually transfer money from the victim's account to foreign bank accounts. The report says the malware involved is part of "Operation High Roller"** where criminals extracted large sums from business accounts. Unlike traditional online banking fraud, which uses trojans such as ZeuS and SpyEye, the crooks infect only a small number of specific specialist computers with malware in order to get at money. This reduces the risks of detection considerably. In the current case, the scam only infected about a dozen customers. The malware acts in a remarkably similar manner to how ZeuS and others work: after infection it inserts itself into the system's browser and waits for a user to access their bank's web site. Once there, the pest adds its own JavaScript code, called Web Injects, to perform the fraudulent withdrawals. The malware takes its instructions from a command and control server which is, McAfee says, located in Moscow. The software is hard-coded to withdraw amounts ranging between €1,000 and €100,000 depending on the balance of the account. Examination of log entries from the control panels of the command server showed that at least one of the banks being targeted would have seen an estimated €61,000 of attempted SEPA transactions to mule accounts..."
* http://blogs.mcafee.com/mcafee-labs/...m-german-banks
"... Conclusion: Although many of the basic threat techniques haven’t changed much, new ways of targeting a financial institution’s online channel continue to grow. The fraudsters are looking for different angles to exploit: these can be anything from the processing times in ACH payments that allow them to get funds to mules quickly, to the lack of two-factor authentication associated with outgoing wires. In this case, the fraudsters have evolved from automated wire transactions to different types of payment channels. We don’t expect Operation High Roller activity to disappear anytime soon, so it’s important that we stay vigilant for these attacks."

** http://h-online.com/-1626663
27 June 2012