Massive Identity Theft Uncovered through Spyware
Dane
Researchers from a little-known security software company named Sunbelt Software have seemingly uncovered a criminal identity theft ring of massive proportions. According to one of their employees, Alex Eckelberry, during the course of one of their recent investigations into a particular Spyware application—rumored to be called CoolWebSearch—they've discovered that the personal information of those "infected" was being captured and uploaded to a server.

One can only speculate about why someone would do such a thing; the amount of data that could be gathered would almost certainly be daunting for even a few people to sift through and exploit. On the other hand, the researchers at Sunbelt have personally uncovered the personal information of two individuals who, combined, could be taken for well over US$350,000.

The list of stolen information includes not only bank accounts but website passwords, eBay accounts, what sort of adult images you fancy, and, supposedly, even more. The researchers initially had tried in vain to get a hold of someone who could take action on this issue but didn't get a response right away:

We have notified the FBI, but of course no response (too busy doing other more important things). We have notified a few of the parties involved...If anyone has any other ideas, send 'em to us. Right now, we're sitting upon literally thousands of pages of stolen identities that are being used right now.

Good news came today, though, that the FBI had responded and are currently working the case. We've emailed Alex and tried to see if we could get any more details about the whole thing out of him, but at the time of publication, we had not received a response. Hopefully the people who've perpetrated this massive-scale theft of personal data can be quickly caught and brought to justice due to the quick actions of Alex Eckelberry and the researcher who discovered the crime, Patrick Jordan.

Updated (08/06/2005 4:24PM CDT): I've received a little bit more information on what's going on from the employees of Sunbelt Software. What follows is more or less the exact email I received from Alex Eckelberry:

Basically, it went like this:

Patrick Jordan, our CoolWebSearch expert, was doing research on a CWS exploit. During the course of the research, he discovered that a) the machine he was testing became a spam zombie and b) it sent a call back to a remote server. He traced back the remote server and found what you have heard about.

The scale is unimaginable. There are thousands of machines pinging back in a day. There is a keylogger file that grows and grows, and then is zipped off and then the cycle continues again.

It is sophisticated. There are nifty little PHP scripts that help the criminals get reports. There is a special upload area.


Updated (08/06/2005 5:38PM CDT): Here's more information from Eric Sites, VP of R&D at Sunbelt:

While one of my spyware researchers was tracking down new variants of CoolWebSearch, he came across a payload of crap that was downloaded to his VMware. This payload included a program that monitored the user's internet traffic, chat activity and Windows protected storage store. When using Internet Explorer with autocomplete turned on, your autocomplete info gets stored in protected storage.

This piece of spyware collected your protected storage info plus URLs, chat activity and website usernames and passwords. The real problem with this spyware was that it collected this information and posted it back to a public website that anyone could go to and read all of your personal information. Some examples of this include all the credit card info entered on HTML forms while purchasing something online. It did not matter that the webpage was using HTTPS.

This website had collected over 500 different computers' very private information within a 24-hour period, including chat activity and login info to online bank accounts. One company had over $380,000 in a compromised account. The information was not the normal info collected for hacking purposes. It was collected to steal your money, SSN, credit card info, address, and identity. We have already found two variants of this spyware with multiple locations for its stolen info upload. We are working with the FBI and Secret Service to track everything back to the source.

This article will be updated with any more information we receive or uncover about the ID theft incident.
08-07-2005 10:23 PM
Zephyr
It's just stupid what people will go to for such crimes.

I really hope they get a lot more information to put a stop to this.
08-07-2005 10:52 PM
DJeX
Spyware is not better than a trojan. It slows down your computer (maybe even crashing it), steals info, and hides itself in your comp so you can't take it out.

There should be a law against spyware, and the companies that make it.
08-08-2005 04:25 AM
[MR]
quote:
Originally posted by DJeX
Spyware is not better than a trojan. It slows down your computer (maybe even crashing it), steals info, and hides itself in your comp so you can't take it out.

There should be a law against spyware, and the companies that make it.
I agree
08-08-2005 04:27 AM
rav0
quote:
Originally posted by DJeX
There should be a law against spyware, and the companies that make it.

Employers that monitor employee computer usage need to use spyware.
08-08-2005 05:55 AM