A pair of Russian hackers looted more than $500,000 from Turkish bank accounts during the course of a Trojan-powered two year hacking spree.

One of the unidentified perps is on remand following his arrest on fraud charges in June while the other remains at large, Russian Interior Ministry investigators told the RIA Novsoti wire service on Monday. The scam is thought to be one of the longest-running of its type anywhere in the world.

The hackers, thought to be from Togliatti, a city on River Volga, are reckoned to have purchased a dedicated server with remote access to a desktop hosted in a US data centre. Using a customised RATsystem (Remote Administration Trojan) application, the duo reportedly infected bank customers' PCs, allowing them to swipe the login credentials of online banking customers.

Middlemen (phishing mules) were then recruited to send the pair an estimated $508,000 via 265 money transfers between February 2005 and April 2007. These Turkish accomplices took a cut of money raided from compromised bank accounts, prior to transferring the remainder to Togliatti via Western Union. ®

Related stories

• Security researchers lift the lid on Torpig banking Trojan (31 October 2008)
• Crooks charge premium for filter-evading Trojan (18 July 2008)
• Spanish police cuff 76 net fraud suspects (11 February 2008)
• Russian Feds close in on Pinch Trojan authors (21 December 2007)
• US phishermen trawl UK waters (18 October 2007)
• Phishers bait hook with Verified by Visa scam (26 September 2007)
• People are biggest threat to IT security (20 September 2007)
• US phish feeder jailed for seven years (15 August 2007)
• Strange spoofing technique evades anti-phishing filters (25 May 2007)
• Phishing attack evades bank's two-factor authentication (19 April 2007)
• Exclusive eBay goes hacker hunting in Romania (8 March 2007)
• Phishers haul in money from Nordic bank (19 January 2007)
• Man-in-the-Middle phishing kit netted (12 January 2007)