By Susan B. Shor TechNewsWorld
08/09/05 11:02 AM PT
A spyware ring has infiltrated the IT systems of as many as 50 international banks and logged social security numbers, credit card and bank account numbers, passwords, eBay (Nasdaq: EBAY) and PayPal account information and chat transcripts, according to the security firm Sunbelt Software.
The anti-spyware manufacturer's president wrote in the company blog that the company discovered the identity theft operation while doing research on a CoolWebSearch exploit. The spyware downloads with CoolWebSearch, but is a separate program.
Investigation Begun
The FBI is investigating the breach, which, Sunbelt President Alex Eckelberry wrote, used a keystroke logger to capture information from thousands of machines.
"Bad things happen. Always have. Always will," Steve Hunt, president of 4A International, a security consulting company, told TechNewsWorld. "So don't expect you can ever be completely free of risks like spyware -- but also don't avoid reasonable precautions."
In this instance, Sunbelt said that Windows XP users who have not installed Service Pack 2 are most vulnerable and that anti-malware programs will not catch this Trojan horse. Both Sunbelt and Hunt recommend a firewall that detects outbound information.
"Sunbelt Software discovered sophisticated and frightening spyware collecting very private information on thousands of unsuspecting individuals and businesses," Hunt said. "The spyware is similar in some ways to software developed by Michael Haephrati, arrested last month in London. His software was used to collect business secrets later used in industrial espionage. Eventually 18 people, including chief executives of major corporations, were arrested for benefiting from the software."
More Protection Needed
The information logged by the spyware was sent to a remote server in the United States with a domain registered offshore. The data files were accessed by multiple participants in the identity theft scheme.
These operations are only going to get more sophisticated, analysts said. "These sorts of attacks on our personal and corporate secrets will only get more advanced and discreet," Hunt warned.
Mark Durham, communications director at Identity Theft 911, thinks we need a higher form of authentication for online banking, for example. "A user name and password is not enough protection to access a bank account," he told TechNewsWorld.
"Consumers don't know where their data is and they can't control how it's used. As long as that's true we need to push business and government and those that have that data to control it better," Durham said.