Establishing Digital Trust: Don't Sacrifice Security for Convenience
The Slovenian National Computer Emergency Response Team (SI-CERT) recently announced that Slovenian police had detained five Slovenian citizens in connection with a scam that led to the theft of almost 2 million euros from European banks (h/t Softpedia).
SI-CERT began receiving complaints in mid-2012 regarding malware that logged user passwords and enabled remote access to victims' computers. The malware was apparently delivered via spam e-mails that specifically targeted accounting personnel in small and medium sized businesses.
The attackers apparently then used their access to the victims' computers to initiate bank transfers, usually on a Friday or on the day before a national holiday in order to minimize their chance of detection before the transfers were completed. The group used 25 money mules to complete the transfers.
It's not clear how the five who were arrested were linked to the scam, but the investigation lasted several months and was coordinated between the Slovenian police, SI-CERT, and Slovenia's Office for Money Laundering Prevention.