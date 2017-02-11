An Eastern European man has been convicted of taking part in a plot that included what government investigators say was an attempt to steal nearly $1 million from the Sharon City Schools.

The U.S. Attorney in Pittsburgh says Andrey Ghinkul, 31, of Moldova has pleaded guilty to federal charges of conspiracy and damaging a computer.

Investigators say Ghinkul was part of a criminal conspiracy that distributed a malware which was used to steal online banking credentials.

The stolen credentials were then used to make fraudulent electronic funds transfers of millions of dollars from the victims’ bank accounts.

According to the Federal Trade Commission, malware includes viruses, spyware, and other unwanted software that gets installed on your computer or mobile device without your consent.

The government says the case involved a sophisticated international conspiracy that infects computers with the malware known as Bugat. Cridex and Dridex.

The malware package is specifically designed to automate the theft of confidential personal and financial information, such as online banking credentials, from infected computers through the use of keystroke logging and web injects.

The Sharon City School District almost fell victim to the conspiracy according to investigators.

An FBI affidavit says that on November 28, 2011, Sharon school's business manager attempted to log into the district’s bank account at First National Bank and found that the account was locked.

First National Bank told her that someone tried to access the account, but failed to answer the security questions.

The same situation occurred on December 15, 2011, according to the FBI.

In response, First National Bank issued the business manager a new user ID and password.

On December 16, 2011, the school business manager accessed the district's account.

Later that morning, First National Bank contacted the business manager, seeking verbal confirmation of a $999,000 wire transfer from the school account.

The $999,000 transfer, which would have ultimately been destined for Kiev, Ukraine, was canceled before the funds were lost.

The FBI obtained a forensic analysis of the Sharon City School District’s computer used to perform the transaction.

An expert concluded, based upon the malware code and the evidence created by the malware, that the computer used by the Sharon school's business manager had been infected with the Bugat/Dridex malware before the attempted wire transfer.

The analysis also revealed that the infection was the result of a spam email received by the district on November 8, 2011.

The FBI concluded that someone had used the malware to steal online banking credentials of school district employees, then used them to access the district’s bank account in an attempt steal funds.

In addition, prosecutors say the same malware was used to steal $3,508,600 from an account belonging to Penneco Oil of Westmoreland County, Pa.

When Ghinkul is sentenced on July 13, he faces 15 years in prison, a fine of $500,000, or both.

The Federal Trade Commision has information about protecting yourself from malware. Click on this link.

The FBI affadavit filed in the investigation may be viewed here