Similar to other banking Trojan programs like Zeus or SpyEye, Gozi Prinimalka can detect when victims access banking websites and steal log-in credentials and other data associated with their accounts. That may include challenge-question answers for outgoing transactions, account balances and time-stamps for their last log-in. The malware targets a list of websites belonging to U.S. national banks, investment banks and credit unions.
After accounts with high balances have been identified, the attackers use the stolen credentials to initiate money transfers to accounts set up by co-conspirators known as money mules, who then withdraw the funds and wire them out of the country.
To prepare for Project Blitzkrieg, financial institutions can tweak their fraud detection systems to look for anomalous behavior such as log-ins coming from foreign locations, log-ins coming from the customer's IP (Internet Protocol) address at unusual hours or transactions from multiple unrelated accounts going to accounts owned by the same person, he said.
VorVzakone mentioned that he's going to be doing "Skype flooding," so financial institutions should be aware that their customer service lines might be flooded and they should take any action that they can to address that, Sherstobitoff said. They should also advise their customers to update their antivirus software and report any suspicious messages or pop-ups that are not typical of online banking.
Sign up for Computerworld eNewsletters.