London’s Southwark Crown Court on Friday imposed sentences of as much as 4 and a half years on the men. According to IDG News, they used a trojan known as PSP2-BBB to stealthily monitor victims’ browsers. It inserted special fields into banking pages that asked for sensitive information and then sent it to the criminals when the user complied.

To give it the pages air of legitimacy, they bore the logo of NatWest, according to other news reports. The gang used a stable of money mules to transfer the funds to countries including Ukraine, which is also the location of a computer server that was used in the scam.

At least 138 banking customers were affected with “just under £600,000 being fraudulently transferred,” according to the Press Association. Almost £140,000 was later recouped from Royal Bank of Scotland, NatWest’s parent company.

Read full article here.

A Pennsylvania organization that helps develop affordable housing learned a painful lesson about the hazards of online banking using the Windows operating system when a notorious trojan siphoned almost $480,000 from its account.

News reports here and here say $479,247 vanished from a bank account belonging to the Cumberland County Redevelopment Authority after it was hit by Clampi. The trojan gets installed by tricking users into clicking on a file attached to email and then lies in wait for the victim to log in to online financial websites. The authority has so far been able to recover $109,467 of the stolen loot.

The theft is part of a rash of online heists that have stolen millions of dollars from businesses and non-profit organizations. While circumstances are different in each case, they all point to a single point of failure: Each theft relied on the successful compromise of a Windows-based system.

Read the full article here.

The video shows in seven simple steps how to take over an ebanking session of a victim and which tools you need to accomplish this stunt.
The weakest link in the chain is (obviously) not the bank itself but the trustful user,  who executed the trojan horse he received by a patient attacker. Once an attacker is on the victim system, he has full control and power to deceive the victim and make him believe everything is just fine. Hostnames are redirected to the attackers proxy server and SSL certificates are injected in the certificate store. So in reality, nothing is just fine!

In the following video, the ebanking server was not hacked. Only my machine was infected which allowed me to intercept the encrypted data. Everyhing you see happened inside my local network and no foreign machines were affected.

Here the link to Rapidshare to download the video : Megapanzer 0.1

Both Youtube and Vimeo removed the video after some time so the next place to see for how long the video will stay online is Metacafe. But the quality is rather bad and probably it’s me who will move it to an other video portal.