Ukraine's security service said on Thursday it had disrupted a cybercrime ring that cost the banking industry more than US$72 million using Conficker, a fast-spreading worm unleashed in 2008.
The hackers allegedly used Conficker to spread antivirus software, according to a translation of a news release from the SBU, the Ukraine's state security service. The antivirus software, however, contained malware that collected online banking details.
The SBU said it conducted 19 raids on Tuesday in tandem with law enforcement in other countries. Latvian police arrested two people, and more than 40 financial accounts were frozen in banks in Cyprus and Latvia.
The U.S. Federal Bureau of Investigation also participated in the investigation along with agencies in the U.K., the Netherlands, France, Germany, Cyprus, Latvia and two other unnamed countries, according to the release. Thirty servers were seized in countries outside the Ukraine.
Ukrainian authorities questioned 16 people and have seized computer equipment, documents and money. SBU and FBI officials with knowledge of the case could not be immediately reached.
Conficker, also known as "Downandup," was one of the most severe computer security problems in recent years. It took advantage of a vulnerability in Microsoft's software, infecting at least 3 million PCs and possibly as many as 12 million, forming a massive botnet.
The problem grew so bad that a group of companies and organizations formed the Conficker Working Group in late 2008 to research the malware and find ways to block it. In February 2009, Microsoft offered $250,000 as a reward for information that lead to the conviction of the person or people who wrote Conficker.
Send news tips and comments to jeremy_kirk@idg.com