Shawn Ballesty of All Mounting and Diecutting Services in Sydney saw $18,000 vanish from his business' bank account after malicious software infected the company's computers. Photo: James Brickwood
At first, Shawn Ballesty thought the delay in his rent payment arriving in the landlord's account was normal.
Then the landlord rang again: "Hey mate, your rent wasn't paid," Ballesty recalls his landlord saying. Ballesty knew he had made the online transfer himself.
"So I thought, I'll send it again, just in case, then sort it out with the bank."
Once more, a payment was made and a receipt issued, but the money didn't arrive.
The Commonwealth Bank traced the transfers and advised both had been hijacked and, invisibly to Ballesty, deposited into a third party's account with another bank. A computer at Ballesty's business - All Mounting and Diecutting Services, on Sydney's northern beaches - was infected, the bank explained.
A banking trojan - malicious software - had been installed on it without his knowledge. Ballesty was just one of thousands of people across Australia and the world to have their business bank account fleeced by cyber criminals.
Such malware is often distributed via links in spam emails or instant messages, infected attachments, pirated software or visits to infected websites.
"It got out of control, they were intercepting it while I was doing stuff [online]," Ballesty says.
Along with the rent, other smaller amounts were taken: a total of $18,000 stolen in less than a week.
Australian banks have been quietly working to deal with the problem, in particular a trojan called Carberp, which has infected about 150,000 PCs in Australia. Once installed, it presents a fake transaction page and allows the attacker to view the victim's browser in real time.
The malware has been customised for clients of the Commonwealth Bank, ANZ, Westpac, the Bank of Queensland, Bendigo Bank, Adelaide Bank, Teachers Mutual Bank, DefenceBank, Suncorp, Bankwest and NAB, according to the Russian security company Group-IB, which is helping the banks.
"Right after the user goes online and wants to make a transfer, they will intercept his session on the browser and spoof the destination of the transfer absolutely silently," Andrey Komarov, head of international projects, says.
But banks aren't the only ones fighting. In June Microsoft and the FBI - aided by authorities in more than 80 countries, including Australia - launched a major assault on one of the world's biggest cybercrime rings, which is believed to have stolen more than $US500 million from bank accounts in the past 18 months.
The operation was aimed at a different trojan, Citadel. The Citadel botnet - a web of 1400 networks of 5 million zombie computers infected with malware - has been used, Microsoft says, to steal from dozens of financial institutions including American Express, Bank of America, Citigroup, eBay's PayPal and HSBC. The company alleges Citadel is controlled by a boss known as Aquabox who sells malware kits on the internet underground and takes a cut from the money stolen. The software disables antivirus programs on infected PCs to stay undetected.