A Russian group is counterfeiting checks in the US using malware, botnets, virtual private networks and money mules recruited online, according to research revealed at the Black Hat hacker conference on Wednesday.
The SecureWorks Counter Threat Unit investigated the operation over three months and is now working with law enforcement agencies to find out who is responsible for the scam, which is believed to have netted as much as $9m (£5.8m) from fake cheques in the last year.
SecureWorks researchers uncovered the complicated operation in April when they discovered a unique variant of the well-known Zeus Trojan that targets Windows-based PCs, the security company said. In addition to stealing login credentials, the Trojan established a virtual private network (VPN) connection from the infected computer to a remote server using the PPTP (Point-to-Point Tunneling Protocol) functionality in Windows. It also listened on a random TCP (Transmission Control Protocol) port in order to serve as a SOCKS proxy.
For more on this story, see Check counterfeiting using botnets and money mules on CNET News.