Online ID Theft Ring Uncovered
By Ed Oswald | Published August 9, 2005, 1:14 PM
Sunbelt on Monday advised computer users to ensure that they are running an outbound firewall to prevent themselves from becoming victims of a massive identity theft ring that is gathering personal information from "thousands of machines" according to the company's research.
The FBI is also stepping in, and is currently looking through data sent to it by Sunbelt.
The company first revealed its findings in a post to its Web log last Thursday. The research team was able to obtain the personal information of consumers including bank account numbers and PINs, usernames and passwords, and even instant messaging chat sessions.
"We're sitting upon literally thousands of pages of stolen identities that are being used right now," Sunbelt President Alex Eckelberry wrote at the time.
Sunbelt spyware researcher Patrick Jordan is being credited with the discovery. According to Eckelberry, Jordan was doing research on a CoolWebSearch exploit when he discovered a "keylogger." These programs are small applications that record all keystrokes and then send the data to a central location.
"The scale is unimaginable," Eckelberry wrote. "There are thousands of machines pinging back daily." He said the server the data is being stored on is in the US; the domain, however, is registered to an offshore entity.
Sunbelt has contacted several people on whom the keylogger had collected a great deal of information, but said there was not much it could do without bringing in external resources. Eckelberry hoped law enforcement would start alerting victims.
Eckelberry recommends users ensure they have an anti-virus and firewall program installed. "Get a software firewall in place that has outbound protection. Try Sygate's free one. An antispyware or antivirus program will not likely have caught this thing," he wrote on Monday.
He also recommended that anyone who discovers they are infected call "your banks, paypal, eBay, credit card companies, whatever" and report it, disconnect from the Internet, and seek professional help to clean the machine.
Security expert Suzi Turner wrote on Friday in the Spyware Warrior Web log that seeing the actual data made her "physically ill."
"It's one thing to read about such things online or in the newspaper, but to see it live is devastating. I don't know, and I don't know if anyone knows at this point, how many people might have been affected and had their information logged."
And the only reason it can happen is because of stupid people that use computers every day... port monitoring is by no means a new thing.
Score: 0
|Your comment is uncalled for. You are assuming that most people are aware of all the tactics used to gather information by spyware companies. Even you do not. You should be educating them rather than condemning them. Most of the time, you do not even know you are infected. Even if you run a scan every day, one can slip in between the scans. Then before you know it, they have part of your information. Even between definition updates, one can have their computer infected and be transferring information to these companies without knowing. We are all at risk. You are calling yourself stupid with this comment.
Port monitoring and keylogging are by no means "new", but they work and are widely used. Nowadays, even legitimate sites you visit are potentially infected by disgruntled employees or 3rd party advertisers that are seeking information about visitors. No one is safe. Unless you unhook and never surf again. Even that is questionable today, let alone tomorrow.
Score: 0
|If the data is being sent back to the same server, why not take the server down?
If nothing else, start a DDOS attack on it to cripple its bandwidth.
Maybe they are doing something and it's just that nothing was stated about it in the article. I don't know.
Score: 0
|They really need to torture the ***** out of these guys! String them up in front of us all.
Score: 0
|Probably a PR issue. "Hacking" is illegal, only in moral terms is there a difference between a hacker & cracker. All of this data protection rubbish. Whilst a good thing, I agree - a denial of service "tactic" would be a good thing, unfortunately those who are in legitimate power are either concerned about PR or, simply lack the knowledge (whilst I would like to think the latter, I fear it is the former).
Score: 0
|Here's an idea that may or may not work:
Get a network bandwidth monitoring program (Kerio Personal Firewall has one built in). Open it up, start typing into Notepad, and after you type quite a large amount of stuff (say, 1000-4000 characters), take a peek at the last 60 seconds on the bandwidth monitor and see if any data was sent out.
Score: 0
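The check the commenter describes, typing into an idle editor and watching for outbound traffic, can be turned into a simple statistical test. The code below is an added example, not from the article or any commenter; the per-second samples of (seconds, characters typed, bytes sent) are constructed, and the thresholds are assumptions, since a keylogger that batches keystrokes and posts them home shows up as a bump in outbound bytes during typing relative to the idle baseline.

```python
"""Detect outbound traffic that rises while the user types (constructed data)."""
from statistics import mean, pstdev

# Constructed samples: (second, chars_typed_in_that_second, bytes_out_in_that_second).
# Idle baseline: no typing, background chatter of 60-100 bytes/sec.
IDLE = [(t, 0, 60 + (t % 5) * 10) for t in range(60)]
# Clean machine: typing 30 chars/sec, traffic unchanged.
TYPING_CLEAN = [(60 + t, 30, 60 + (t % 5) * 10) for t in range(60)]
# Infected machine: same typing, plus a 600-byte burst every ten seconds
# (a logger flushing its keystroke buffer to its collection server).
TYPING_INFECTED = [
    (60 + t, 30, 60 + (t % 5) * 10 + (600 if t % 10 == 9 else 0))
    for t in range(60)
]


def split_windows(samples):
    """Separate outbound byte counts into idle seconds and typing seconds."""
    idle = [b for _, c, b in samples if c == 0]
    typing = [b for _, c, b in samples if c > 0]
    return idle, typing


def suspicious_outbound(samples, min_chars=1000, z_threshold=3.0):
    """True if outbound bytes during typing exceed the idle baseline by more
    than z_threshold standard deviations; None if there is too little typing
    or too little baseline for the comparison to mean anything.
    The commenter's 1000-4000 character window is the source of min_chars."""
    chars_typed = sum(c for _, c, _ in samples)
    if chars_typed < min_chars:
        return None
    idle, typing = split_windows(samples)
    if len(idle) < 2 or not typing:
        return None
    baseline, spread = mean(idle), pstdev(idle)
    spread = max(spread, 1.0)  # flat baseline: avoid dividing by zero
    z_score = (mean(typing) - baseline) / spread
    return z_score > z_threshold


if __name__ == "__main__":
    print("clean   :", suspicious_outbound(IDLE + TYPING_CLEAN))
    print("infected:", suspicious_outbound(IDLE + TYPING_INFECTED))
```

A rise in traffic while typing is only a hint: background updates or a chat client can cause the same bump, so a positive result is a reason to inspect which process owns the connection, not proof of infection.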
|Why not tell us specifically what to look for? Even if we do use an anti-virus, how will we know what you are talking about? I do know that Spybot searches for and removes CoolWebSearch, but maybe it doesn't know of a certain file/program used by CWS. What is (are) the exact file name(s)?
Score: 0
|There are so many variants of CoolWebSearch that there is not an easy way to tell you the files to look for. If 1 version used WINREG.EXE, the next could use WEBDEV.EXE. I would recommend getting CoolWeb Shredder. It is a tool that is now owned by Trend Micro that targets all known variants of CWS. http://www.intermute.com...wshredder_download.html
Score: 0
|Spybot does detect and remove CoolWeb, but there are many variants to the hack. As soon as one is detected, another pops up. So, you are always at risk of the new one that pops up. Take a look at your definitions and count the number of CoolWeb variants.
Score: 0
|How many days to reach the FBI? All the agents are working for the RIAA/MPAA!! Got to keep the world safe for downloading movies and songs! This would be a big deal if it installed a BitTorrent client!
So all us admins have to deal with our users getting this stuff all over our machines and costing US companies millions of dollars!!
Score: 0
|More like billions from the wordage in the article:
""We're sitting upon literally thousands of pages of stolen identities that are being used right now," Sunbelt President Alex Eckelberry wrote at the time."
Score: 0
|You make it sound like the FBI did this to you.
Score: 0
|I think he is mad that people are focused more on people downloading music/videos, so that the only way an exploit on a grand scale such as this gets found is because someone bumped into it, so to speak.
Score: 0
|So, with your logic, we should let people steal movies, but not identities. Both are stealing and both should be dealt with. We don't let up on one because you think that it is a less desirable offense than the other. You need to prioritize your values. Stealing is stealing regardless of whether it is movies or identity.
Costing companies millions of dollars is exactly what the RIAA/MPAA is doing. Protecting their interest. If you don't like the price of a movie, don't go to it. That will change their prices. Stealing it will only put you in jail with all the other thieves.
Score: 0