Quote
RSA: Cybergang Hid Money Trail Behind 'Fake' Mules
URLZone Trojan attackers made sure their real money mules remained anonymous
Oct 06, 2009 | 12:29 PM
By Kelly Jackson Higgins
DarkReading
Turns out the bad guys using a sophisticated banking Trojan that covers its tracks also hid the identities of the money mule accounts they used.
Researchers from RSA's FraudAction Research Team discovered that the cybergang recently exposed in a report by Finjan knew its URLZone crimeware was being scrutinized, so the group set up decoy mule accounts in an attempt to dupe researchers and keep them from the real money-mule account information.
"The fraudsters check if the computer used by the researcher is part of the 'legitimate' botnet of URLzone-infected machines. If the computer is deemed to be a 'foreign' one -- in other words, if the criminals do not know the computer -- they deliver a fake mule account to the computer used by the researcher," RSA researchers blogged last night. "This is the way they prevent their real mules from being exposed."
More details at DarkReading - http://www.darkreading.com/security/vulner...cleID=220301299