Barney's Blog

Zeus-Style Worm Rips off Banks, Finance Houses

I may be naïve, but I find it hard to believe that malware (especially automated malware), in these days of layered protection, can steal millions upon millions of dollars from highly successful financial institutions.

But that is precisely the claim of McAfee and Guardian Analytics, who just published a report on the subject that printed loss figures (but didn't name the names of those companies who got hacked).

The malware is based in part on Zeus, and is cleverly (I guess) named High Roller since the companies it steals from have lots of dough.

The hacks are a combination of hands-on hacking and automated pilfering of ongoing financial transactions.

McAfee believes as little as $75 million and as much as $2.5 billion may have been lifted, but with a range this wide, does the company really have any clue?

What is your take on all of this? Is it really still this easy to steal this much money and not get caught? You tell me at

Posted by Doug Barney on 06/29/2012 at 1:19 PM


Reader Comments:

Sun, Jul 1, 2012 John Canberra Australia

And this is the same technology that is used by the military to control its unmanned autonomous weapons platforms. Next thing you know – those US-manufactured weapons platforms will be hijacked and start attacking allied facilities and troops. But then – who cares about a few human beings when dollars are at stake?

Sat, Jun 30, 2012 Eddy

It's time to completely separate the banks and government networks from the Internet and strictly enforce no connections between any of them. The effort & $'s to build two additional networks would be worth the cost.

Fri, Jun 29, 2012 Tomm Seattle

And they can be stealing from themselves among possibilities ... balance sheet shows a loss, double your money, sound familiar?

Fri, Jun 29, 2012 RMMR

Frankly, I am not surprised that billions can be stolen. Just last year, it finally went public that Credit Unions lose $1bn a year from small businesses and funds are never refunded. Reason, I guess credit unions can't afford to spend much on security if they do not have to refund losses to small businesses (business accounts do not have FDIC insurance). It will be even easier with IPv6 as all computers will be in a cloud, unless legacy IPv4 is maintained behind firewalls and eventually, nobody will know how to use IPv4. Just from personal experience, every year, every employer goes through spam/fraud/security training to not click on link that you don't know. And.... as you can guess, once in a while hundreds of emails go through the company and email system has to be shut down as people click on the link, which sends emails to everyone in the company. With tablets, "smartphones" and other internet connected equipment, security is something that nobody wants to spend too much money on until they experience losses due to breach. The safest way to keep money is without internet access, but we wouldn't be able to live without it anymore and hackers know that.

Fri, Jun 29, 2012 EVVJSK

"and not get caught?" I think that may be the big question. Sooner or later they may track down the bad guys, but will they already have spent the money. Also, depending upon what country they reside in, it will determine how much cooperation law enforcement gets from local government. Hard to believe banks and financial institutions don't have better security and near immediate auditing so they can quickly detect these losses.
