A total of 8 million kronor (£600,000) has been stolen from Swedish bank Nordea since last autumn after attacks by hackers, it has been revealed today.
Police have said they suspect organised criminals from Russia used a Trojan (a programme that installs malware on computers), affecting more than 250 customers, leaving a log of information sent to servers in Russia.
The bank said it has known of the breach for some time, but has only now decided to go public as more reports of new victims are received daily. It also said the first attack occurred in September 2006 and that it has been in contact with customers separately.
The attack started when the trojan sent in the name of the bank to the bank’s clients. The sender encouraged clients to download a spam fighting application. Users who downloaded the attached file raking.zip or raking.exe were infected by the trojan haxdoor.ki.
When the first attacks begun it was clear that the haxdoor version had been modified to target the bank. The Trojan then activated itself when users try to log in. The trojan then saved the information and displayed an error message asking the client to resend the information. The criminals then had two access codes in their possession, which was enough to transfer money.
Police said the attack could have been worse, had Nordea not identified and cancelled more fraudulent transactions going through its systems. It has also been the victim of phishing attacks targeting customers.
"Customers must never suffer loss due to things like this," said spokesman Boo Ehlin.
The bank says it continuously reviews its security procedures, but urged customers to review their virus protection.