Police in Turkey have arrested 17 members of a gang the stole about $300 000.00 from Internet bank accounts.
The gang apparently worked alongside three Russian hackers, who provided them with banking user names and passwords stolen using spyware – in exchange for 10% of the money stolen.
Reports in the Turkish media say that hundreds of internet users began to complain about unexpected withdrawals from their online bank accounts in January.
A 20-strong team of the Izmir Organized Crime Bureau investigated the case, discovered the IP addresses of the computers making the illegal transactions, and made simultaneous raids at different addresses in Izmir, Fethiye, Didim and Kusadasi.
"In recent years there has been a growth in the number of viruses and Trojan horses written specifically to steal banking information from web surfers," says Graham Cluley, senior technology consultant for Sophos. "Spyware can silently hide on a user's computer waiting for them to type in their confidential information and then surreptiously share it with the hackers.
"The Turkish authorities should be applauded for looking into this case so speedily, but this is just the tip of the iceberg. Phishing and spyware is a global problem, and all computer users need to defend themselves better against these kind of menaces if they want to continue to bank online safely."
Names of the three suspected Russian hackers have been shared with Interpol. Sophos experts noted in the Sophos Security Threat Report 2007 that Russia is one of the top producers of malware, accounting for 4,1% of all malware authored during the last year.