By Ingrid Marson
Posted on ZDNet News: Aug 8, 2005 7:06:00 PM

A major identity theft ring has been discovered that affects up to 50 banks, according to Sunbelt Software, the security company that says it uncovered the operation.

The operation, which is being investigated by the FBI, is gathering personal data from "thousands of machines" using keystroke-logging software, Sunbelt said Monday. The data collected includes credit card details, Social Security numbers, usernames, passwords, instant-messaging chat sessions and search terms. Some of that data is then saved in a file hosted on a U.S.-based server that has an offshore-registered domain, according to Sunbelt.

In the two days that Sunbelt has been monitoring the file, the company has seen confidential financial details of customers of up to 50 international banks, said Eric Sites, vice president of research and development at the Clearwater, Fla.-based security software maker.

"For almost every bank that is listed (in the file), it's possible to get into the person's account," Sites said.

Along with passwords for online banking sites, information on credit cards also has been gathered. Sites said that Sunbelt had found one customer's credit card number, expiration date and security code, in addition to name and address. That information would allow anyone to use the credit card, he said.

"The types of data in this file are pretty sickening to watch," Sunbelt President Alex Eckelberry wrote in a blog posting dated Saturday. "In a number of cases, we were so disturbed by what we saw that we contacted individuals who were in direct jeopardy of losing a considerable amount of money."

Sunbelt said that the people behind the scheme have obtained access to a considerable amount of bank information, including details about one company account containing more than $380,000 and another account that has "readily accessible" funds of more than $11,000.

An FBI representative was unable to confirm whether or not an investigation was taking place.

The data theft is carried out by a Trojan horse downloaded at the same time as CoolWebSearch and a mail zombie, Sunbelt said. Patrick Jordan, a Sunbelt employee, discovered the identity theft ring while researching a variant of CWS, which is a malicious program that hijacks Web searches and disables security settings in Microsoft's Internet Explorer Web browser.

"During the course of infecting a machine, he (Jordan) discovered that a) the machine he was testing became a spam zombie and b) he noticed a call back to a remote server. He traced back the remote server and found an incredibly sophisticated criminal identity theft ring," Eckelberry wrote in the blog posting. "We are still trying to ascertain whether or not this is directly related to CWS."

The malicious code is hosted on a Web site that mainly hosts pornography, which Sites was unwilling to name. Users of Windows XP who have not installed Service Pack 2 are particularly vulnerable, as the code could be automatically downloaded without the user's knowledge, Sites said. Sunbelt is currently investigating whether users of earlier Windows versions, such as Windows 2000 and Windows ME, are also vulnerable.

"If you have an unpatched Windows machine, when you go to the URL it will automatically download everything from the Web site, including the Trojan. All you have to do is type in the URL and you're hosed," Sites said.

The Trojan is a new variant, so antivirus and anti-spyware vendors do not yet block it, Sites said. Sunbelt plans to send information on the Trojan to security companies as soon as possible.

The activity could be the latest attempt by a criminal gang to use spyware for financial gain. In March of this year, Britain's National Hi-Tech Crime Unit foiled an attempt to steal about $390 million from the Japanese bank Sumitomo Mitsui. In that case, keyloggers were used to relay passwords and access information to the criminals who intended to transfer the funds electronically. A man in Israel was arrested after allegedly trying to transfer $25 million of the funds.

"We are aware of (Sunbelt's claims) that personal information was captured. But we can't confirm it until we can take a look at it," said an eBay spokesman. "If it is the case, we will act accordingly and appropriately."

eBay owns online payment service PayPal.

Ingrid Marson of ZDNet UK reported from London. CNET News.com's Dawn Kawamoto contributed to this report.
