Online Outlaws Playing Hide and Seek with Prosecutors
08 October 2009
A representative of the RSA FraudAction Research Laboratory, Aviv Raff, recently discovered that the URLZone botnet control server intentionally leaks false information whenever it suspects that it is being investigated by IT security authorities. RSA FraudAction Research Labs and many other security experts like them have been cooperating with the banking industry to locate the servers of suspected botnets by masquerading as infected victims.
First off, intermediaries are used to withdraw the money and forward it to the scam's masterminds. Dubbed "money mules", these forwarding agents have been used by various online banking scammers for a long time now. The term refers to people who act as cash launderers for Internet bank transfer scams. These mules are tasked with wiring the incoming money (minus their share, of course) to places all over the globe via Western Union or similar services.
Locating the active money mules of a cyber crime syndicate enables banks to uncover and block forged bank transfers from the very start. However, during his investigation, security official Aviv Raff discovered that the botnet server was programmed to provide him with the account details of innocent users who had been turned into scapegoats for the racket.
Evidently, the investigated server was able to detect that the supposed "victims" (investigators posing as such) weren't victims at all, and reacted by intentionally laying false tracks to undermine the sting operation. The false money mule account details weren't chosen at random either. Raff claims that the details he was able to obtain all belonged to individuals who had previously legally received money from a given trojan victim.
This feature is made possible by the fraudsters' careful monitoring of their targets' financial activities, which gives them a comprehensive record of legitimate bank transfer data that they can use as a diversionary tactic against cyber crime investigators.
Indeed, there's a chance that unsuspecting account owners could be charged with cash laundering because online scammers can make it appear that stolen funds are passing through their accounts. This shows that online outlaws are responding to the attention and pressure that law enforcement and private investigators are currently putting on them.