A spyware ring has infiltrated the IT systems of as many as 50 international banks and logged social security numbers, credit card and bank account numbers, passwords, eBay and PayPal account information and chat transcripts, according to the security firm Sunbelt Software.
The anti-spyware manufacturer’s president wrote in the company blog that it discovered the identity theft operation while doing research on a CoolWebSearch exploit. The spyware downloads with CoolWebSearch, but is a separate program.
The FBI is investigating the breach, which Sunbelt President Alex Eckelberry wrote used a keystroke logger to capture information from thousands of machines.
“Bad things happen. Always have. Always will,” Steve Hunt, president of 4A International, a security consulting company, told TechNewsWorld. “So don’t expect you can ever be completely free of risks like spyware — but also don’t avoid reasonable precautions.”
In this instance, Sunbelt said that Windows XP users who have not installed Service Pack 2 are most vulnerable and anti-malware programs will not catch this Trojan horse. Both Sunbelt and Hunt recommend a firewall that detects outbound information.
“Sunbelt Software discovered sophisticated and frightening spyware collecting very private information on thousands of unsuspecting individuals and businesses,” Hunt said. “The spyware is similar in some ways to software developed by Michael Haephrati, arrested last month in London. His software was used to collect business secrets later used in industrial espionage. Eventually 18 people, included chief executives of major corporations were arrested for benefiting from the software.”
More Protection Needed
The information logged by the spyware was sent to a remote server in the United States with a domain registered offshore. The data files were accessed by multiple participants in the identity theft scheme.
These operations are only going to get more sophisticated, analysts said. “These sorts of attacks on our personal and corporate secrets will only get more advanced and discrete,” Hunt warned.
Mark Durham, communications director, Identity Theft 911, thinks we need a higher form of authentication for online banking, for example. “A user name and password is not enough protection to access a bank account,” he told TechNewsWorld.
“Consumers don’t know where their data is and they can’t control how it’s used. As long as that’s true we need to push business and government and those that have that data to control it better,” Durham said.