An anonymous reader writes: The Washington Post's Brian Krebs has a piece that dissects a cyber attack this week against Bullitt County, Ky. The home of Fort Knox lost $415,000 after a Windows PC belonging to the county treasurer got infected with a scary new variant of the Zeus keystroke logger Trojan, which includes a back-connect feature that allows the crooks to log in to the victim's bank account using the victim's own Internet connection. The story breaks down in detail how the attackers were able to defeat the bank's two-factor authentication and the county's checks-and-balances system, and includes interviews with two of the 25 money mules in the United States who were hired or duped into accepting unauthorized transfers from the county and then wiring the money to the fraudsters in Ukraine. From the story: "Bullitt County Attorney Walt Sholar said the trouble began on June 22, when someone started making unauthorized wire transfers of $10,000 or less from the county's payroll to accounts belonging to at least 25 individuals around the country (some individuals received multiple payments). On June 29, the county's bank realized something was wrong, and began requesting that the banks receiving those transfers start reversing them, Sholar said.