Swedish bank Nordea, the target of one of the largest online heists, has lost between 7 to 8 million Swedish kronor (a little over $1.1 million USD) over the course of 15 months. Security officials claim Swedish police traced computer servers first to the U.S. and then to Russia - no less than 121 Russian organized criminals are suspected to be responsible for the heist. Officials say the "bank robbers" used phishing emails to lure 250 Nordea customers, who supposedly did not have anti-virus software, into opening e-mail attachments entitled "raking.zip" or "raking.exe."
The attachments were disguised as anti-spam software, but contained a Trojan known as "haxdoor.ki" which installs a few keyloggers and then hides itself using a rootkit. When users attempted to activate their Nordea accounts online, the Trojan automatically responded by bringing the customer to a fake bank homepage. When the customers entered their personal information, the website would load an error page announcing that the site was having technical difficulties. Nordea claimed it suspected a few of the transactions but the majority were small withdrawal amounts, making it difficult to identify real transactions from the fraudulent ones. A police investigation is currently underway and the bank is reviewing its security procedures.