At least $3 million was stolen from U.S. accounts from about May 2009 to present, and more than 100 people have been arrested or charged in the U.S. and the U.K. as part of an alleged global cybercrime ring using computer viruses to steal bank-account information and loot money from unsuspecting victims.  The investigation is in its early stages and could result in law-enforcement actions in other countries, authorities said.

    Five Banks Involved.   Apparently 5 banks were victimized, including units of JPMorgan Chase, Ally Financial, and PNC Financial Services Group.  Mules used units of Bank of America and TD Bank Financial Group to open accounts into which to siphon money, according to federal court documents.  Money was typically withdrawn in amounts of around $10,000, with the mules often keeping about 8% to 10%.  Many of the mules were recruited through ads in a Russian-language newspaper or social-networking site, said Manhattan D.A. Cyrus Vance Jr., and those charged included citizens of Russia, Moldova, Ukraine, Kazakhstan and Belarus.

The U.S. investigation, in progress for over a year, has focused mostly on a network of "mules," or people recruited to open bank accounts using false names and fake passports and transfer stolen funds back to handlers in Eastern Europe.   It's believed that hackers used malicious computer software known as "Zeus Trojan," disguised in seemingly benign email.  When the email recipient clicks on a link or attachment in the email, the virus monitors the victim's computer activity to grab user names and passwords.  The hackers then would use the stolen data to move money from victims' accounts to accounts held by the mules, who would either wire it overseas or take it out in cash.

    The Zeus Trojan Program.   The Zeus software program is one antivirus specialists became aware of several years ago - it's believed to have been developed by an individual or group out of Russia.  In its early form, the Zeus code would harvest data such as basic bank log-in information as users of infected computers accessed their financial accounts online, sending the information to criminals who would then either use it or sell it.  Over the past year, the code has become more sophisticated, enabling criminals to take over someone's connection with a financial institution to siphon money directly to mule accounts.  By piggybacking on the legitimate user's access to an account, the virus bypasses additional password protection financial firms have put in place.

Zeus is so popular that bootleg versions have emerged on the cyber black market from a hacker known by the online handle Bishop.  Zeus isn't just used to steal bank data but also log-in information to government and military sites.  A handful of large cybercrime operations use Zeus, and the group of people arrested Thursday is part of one of those operations.  "The modern high-tech bank heist, does not require a gun," said Mr. Bharara, the Manhattan U.S. attorney. "It requires only the Internet and ingenuity."   [WSJounral, 10/1]