Huge identity theft ring discovered by spyware research



Sunbelt blog, reports that they have uncovered a MASSIVE amount of personal data, ranging from usernames to passwords to banking information and much more while investigating spyware. They found keylogger transcript software with lots of personal information. Sunbelt develops software to protect against spam and spyware and other security threats. A keylogger is software that records every keystroke on a computer and these days usually uploads that data to a server for someone to peruse.

The FBI has been notified and was working on the issue already, some of those affected, but according to the post, THOUSANDS of pages of stolen identities are in their possesion.

According to another writeup at arstechnica…. it looks as though they were investigating coolwebsearch (one of the slime of the spyware world.) During the course of his research, the investigator found that with coolwebsearch (CWS) his machine became a spam zombie and was communicating with a remote server. On investigation he found that thousands of machines were pinging back to the server, the keylogger file was growing daily. Also, he says this was more sophisticated with PHP scripted pages to give the criminals reports and a special upload area.

To quote a further update “This piece ofspyware collected your protected storage info plus URLs, chat activity and website usernames and passwords. The real problem with this spyware was that it collected this information and posted it back to a public website that anyone could go to and read all of your personal information. Some examples of this include all the credit card info entered on HTML forms while purchasing something online. It did not matter that the webpage was using HTTPS.

This website had collected over 500 different computers very private information within a 24 hours period. Including chat activity and login info to online bank accounts. One company had over $380,000 in a compromised account. The information was not the normal info collected for hacking purposes. It was collected to steal your money, SSN, credit card info, address, and identity. We have already found two variants of this spyware with multiple locations for its stolen info upload. We are working with the FBI and Secret Service to track everything back to the source.”

I’ve run across coolwebsearch before and found it fairly invasive (default blank page rewritten in the dll file that explorer calls the about:blank from among other things). (If I recall correctly.) Hopefully someone gets nailed to the wall for this. Unfortunately, I’m afraid it’s just the tip of the iceburg on the spyware front. I’m glad to be running linux. Linux isn’t impervious, but it is not currently targetted by spyware writers. Additionally, it does typically have a different security structure than windows. Ultimately though, it will likely come down to people making intelligent choices about what software to install. (Life will go on without animated smileys from who knows where….)

In a Saturday update they clarify that they’re investigating if it is related to CWS (Coolwebsearch) or not.

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove SecuritySoldier | Security Soldier Removal SecuritySoldier is the latest in the WiniGuard Family (SecurityFIghter, SaveArmor, SaveDefender are just the names that came out in the last week.) These busy bees have pretty much just renamed the program and files. It looks the same as each of the recent previous rogues. Just as those do it......
  • Another McAfee security product flaw Sans has info on a security flaw affect several McAfee security products. It could allow remote code execution. The 2007 versions of the products are not affected and a patch is expected soon. For your information, here are the affected products: McAfee Internet Security Suite 2006, McAfee Wireless Home Network......
  • Warning - old wolf in sheeps clothing cloned... Our "good friend" spyaxe, which is one of the "wolves in sheeps clothing" that masquerade as security software, but in actuality are delivered WITH spyware, has a new clone. Apparently SpywareStrike is making the rounds, and has a website which is identical to the SpyAxe site and it looks to......
Blog Traffic Exchange Related Websites
  • How to Choose the Best Coin Collection Software Coin collecting is something which has been happening for over 200 years. There are collectors which have written many different books to help other collectors understand the different things to look out for when buying and selling coins. These books have been treasured by all those who are getting started......
  • Types of Coin Collecting Software Collecting different coins is a truly pleasurable and profitable type of hobby or endeavor. Most people who are novices in collecting encounter problems relating to having too many coins, and therefore they do not have an adequate amount of information about the coins that they have or about the coins......
  • Flashback: Credit card condoms? Hey, whatever it takes! ~Dawn over at Frugal For Life hosted Carnival of Debt Reduction #9.  One post from Personal Finance Advice from that carnival I remember if for no other reason than the name: Credit card condoms The premise in creating a prophylactic to fit over your credit card is to make you......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

One Response to “Huge identity theft ring discovered by spyware research”

  1. Avery J. Parker - Web site hosting and computer service Says:


    [...] Over at the Security Fix, Brian Krebs is talking about spyware and the fact that keeping up-to-date on patches, and running current antivirus with current definitions is not enough to protect your machine from spyware. He sums it up by saying common sense is the best defence. Through the course of the article he hits on a couple points that have made the news lately. One of which is the Sunbelt discovery of a massive identity theft ring, which is mentioned in several postings here, and here. [...]


Switch to our mobile site