PM 'heart attack' email dupes bank customers

Hackers may have captured the login details of around 2,500 banking customers by circulating a Trojan email claiming Australia's Prime Minister has suffered a heart attack, according to a security company.

Entitled "John Howard, the current Prime Minister of Australia has survived a heart attack", the email claims Howard suffered the heart attack while staying at his official residence in Sydney and is fighting for his life in hospital.

The email then provides a link purporting to be an online news report. Users that click the link however are directed to a standard "404 error" page which downloads a Trojan to their computer.

Joel Camissar, Websense country manager for Australia and New Zealand, said the Trojan monitored infected users' internet activity. This included logging keystrokes, he said - which could include banking login details.

Websense, which has been tracking the scam, has identified one of the servers used in the hacking attempts and is recording compromised IP addresses, as well as other data stored by the server, according to Camissar.

He said 2,500 users around the world have been infected by the Trojan, with around 30 per cent - or 750 people - from Australia. Customers of banks across Europe and the US may have had their passwords captured, said Camissar, adding that customers of Australia's Commonwealth and Westpac banks may specifically have had their account details captured.

Both banks have denied the Trojan has infected their systems. A spokesperson for Westpac said its systems have not been compromised and the bank is unaware of any fraud losses as a result. While a Commonwealth Bank spokesperson said its website has not been infected by the Trojan.

However, as Camissar explained, the website is not the issue: "The Commonwealth Bank website hasn't been compromised but the Trojan horse monitors user sites visited and sends back the [bank site] username and password to the server computer."

Websense is working with law enforcement authorities to find the scammers, said Camissar.

Steven Deare writes for ZDNet Australia