Two Russian hackers are alleged to have stolen $508,000 using more than 260 money transfers from Turkish bank accounts in a Trojan-driven systems hack lasting more than two years.

The hackers, thought to be teenagers and hailing from Togliatti, a city on River Volga, are said to have purchased a dedicated server with remote access to a desktop hosted in a US data centre.

Then, using a customised RATsystem (Remote Administration Trojan) application, the two men are reported to have infected bank customers' PCs, so giving them unauthorised access to their accounts. Russian newswire reports say that one of the men was arrested in June of this year, whilst the second is still wanted.

Commenting on the scam, thought to be one of the longest-running of its type anywhere in the world, Herman Zampariolo, CEO of Wabisabilabi (WSLabi), the online auction space for buyers and sellers of software vulnerabilities to conduct deals in a confidential manner, said it signals an interesting twist to the criminal use of Trojan malware.

"Without knowing further details, it's impossible to understand how the scam went on for so long before it was detected," he said.

"However, based on the limited information released so far by the authorities in both countries, it is no wonder the Russian Interior Ministry has spent a lot of time and resources investigating the activities of these two men," he added.