The FBI has issued a fraud alert, warning small US businesses to watch out for cybercrooks compromising their online banking details and wiring money to companies in China.
The Bureau says that between March 2010 and April 2011 it has identified twenty such incidents, causing losses of around $11 million.
Normally the criminals get the bank details by compromising the computer of a person within a company through phishing e-mails or malicious sites.
Malware - such as ZeuS, Backdoor.bot and Spybot - then harvests the user's corporate online banking credentials and when the authorised user attempts to log in to a bank Web site, they are redirected to another page.
While the user is experiencing logon issues, malicious actors initiate transfers to commercial accounts held at intermediary banks typically located in New York.
The transfers - which range in size from $50,000 to $985,000 - the make their way to the accounts of economic and trade companies located in the Heilongjiang province in the People's Republic of China. The companies are registered in port cities that are located near the Russia-China border.
The FBI says it hasn't worked out who is behind these transfers, if the Chinese accounts are the final destination or if the funds are moved elsewhere, or even why the legitimate companies are receiving the dodgy money.