Slappie 9 #1 August 8, 2005

This is some serious news. More info

Quote:

A major identity theft ring has been discovered that affects up to 50 banks, according to Sunbelt Software, the security company that says it uncovered the operation.

The operation, which is being investigated by the FBI, is gathering personal data from "thousands of machines" using keystroke-logging software, Sunbelt said Monday. The data collected includes credit card details, Social Security numbers, usernames, passwords, instant-messaging chat sessions and search terms. Some of that data is then saved in a file hosted on a U.S.-based server that has an offshore-registered domain, according to Sunbelt.

In the two days that Sunbelt has been monitoring the file, the company has seen confidential financial details of the customers of up to 50 international banks, said Eric Sites, vice president of research and development at the Clearwater, Fla.-based security software maker.

"For almost every bank that is listed (in the file), it's possible to get into the person's account," Sites said.

As well as passwords for online banking sites, information on credit cards has also been gathered. Sites said that Sunbelt had found one customer's credit card number, expiry date and security code, in addition to name and address. That information would allow anyone to use the credit card, he said.

"The types of data in this file are pretty sickening to watch," Sunbelt President Alex Eckelberry wrote in a blog posting dated Saturday. "In a number of cases, we were so disturbed by what we saw that we contacted individuals who were in direct jeopardy of losing a considerable amount of money."

Sunbelt said that the people behind the scheme have obtained access to a considerable amount of bank information, including details about one company account containing more than $380,000 and another account that has "readily accessible" funds of more than $11,000.
An FBI representative was unable to confirm whether or not an investigation was taking place.

The data theft is carried out by a Trojan horse downloaded at the same time as CoolWebSearch and a mail zombie, Sunbelt said. Patrick Jordan, a Sunbelt employee, discovered the identity theft ring while researching a variant of CWS, which is a malicious program that hijacks Web searches and disables security settings in Microsoft's Internet Explorer Web browser.

"During the course of infecting a machine, he (Jordan) discovered that a) the machine he was testing became a spam zombie and b) he noticed a call back to a remote server. He traced back the remote server and found an incredibly sophisticated criminal identity theft ring," Eckelberry wrote in the blog posting. "We are still trying to ascertain whether or not this is directly related to CWS."

The malicious code is hosted on a Web site that mainly hosts pornography, which Sites was unwilling to name. Users of Windows XP who have not installed Service Pack 2 are particularly vulnerable, as the code could be automatically downloaded without the user's knowledge, Sites said. Sunbelt is currently investigating whether users of earlier Windows versions, such as Windows 2000 and Windows ME, are also vulnerable.

"If you have an unpatched Windows machine, when you go to the URL it will automatically download everything from the Web site, including the Trojan. All you have to do is type in the URL and you're hosed," Sites said.

The Trojan is a new variant, so antivirus and anti-spyware vendors do not yet block it, Sites said. Sunbelt plans to send information on the Trojan to security companies as soon as possible.

The activity could be the latest attempt by a criminal gang to use spyware for financial gain. In March this year, Britain's National Hi-Tech Crime Unit foiled an attempt to steal about $390 million from the Japanese bank Sumitomo Mitsui.
In that case, keyloggers were used to relay passwords and access information to the criminals who intended to transfer the funds electronically. A man in Israel was arrested after allegedly trying to transfer $25 million of the funds.

"Find out just what any people will quietly submit to and you have found out the exact measure of injustice and wrong which will be imposed upon them."
masterrig 1 #2 August 8, 2005

Besides being scary shit, it makes me mad, at the same time. Also, in reading the article you posted, it specifically mentions Windows XP. That's what I'm running. It came with the computer. The last time I tried to download the Service Pack 2, my computer crashed! Ain't that just ducky. Fucking thieves... I hate 'em!

Chuck
AlexCrowley 0 #3 August 9, 2005

Unfortunately this is nothing new. The difference is that California took a step in the right direction by passing a law that requires companies to step forward and admit to a break-in if there is a possibility of their customer database being exposed or stolen.

Until the passing of this bill it was common for companies to hide these situations as long as possible - no one was liable. In a lot of cases financial companies would bow to blackmail from hackers who stole their data and threatened to go public with it - which happened several times during the .com period (egghead.com -> newegg.com was famously compromised).

I realize that most people use their computers to actually do real stuff, but some of us use them as a means to themselves - and most of us distrust Microsoft XP + Internet Explorer. PM for details as to why this combination is such a horrible idea and why new vulnerabilities are discovered weekly, and why it's the IE users that get nailed hard on these sorts of criminal schemes.

To minimize your exposure to these kinds of invisible download tricks: Use Firefox

No system will ever be 100% bug free or 100% invulnerable, but even taking a simple step such as not using IE will dramatically reduce the chance of malicious or unknown activity on your computer by a criminal.

Don't buy into security vendors' hype. The following example is the equivalent to me having a 4:1 wingloading, do not try this unless you know what you're doing:

As an experiment I've been running my computer without any virus protection. My cable modem/wireless router has a built in firewall, but that doesn't impact my experiment. By using Firefox and Thunderbird* and surfing the internet and using my computer for WAY too many hours a day (12.5 hours of systems time today which is 30 minutes above average) I decided to do a virus scan yearly and see what nasties my computer caught.
I don't download a great deal of illegal software or content - which greatly reduces the risk, and I follow basic email safety (don't run attachments).

For the last two years I have had 0 viruses. I have had 1 case of major spyware (which was installed with a video game I purchased at Best Buy, and quickly disabled). Minor cookie tracking and harmless info collectors I don't worry about too much, as most of the web stops functioning if you get overly paranoid (although it's simple to handle with Firefox).

So basically: free, efficient internet software that protects you from the majority of nasty BS out there without having to pay out huge sums of cash to consumer "security companies" (btw Norton's stuff SUCKS, but so does their competition) to stay safe.

Basic modem NAT firewall (or even XP's built in firewall I guess - not as good tho), Firefox and Thunderbird. More secure, generally a faster user experience and far more stable on my machines than Internet Explorer has ever been - with or without backdoors, spyware and silent malicious software installs.

*both free, a web browser and email client maintained by the free software community, use the link above.

edit: fixed clicky.

TV's got them images, TV's got them all, nothing's shocking.
masterrig 1 #4 August 9, 2005

Thank you! Some pretty valuable information. I appreciate it.

Chuck
riddler 0 #5 August 9, 2005

Quote: To minimize your exposure to these kinds of invisible download tricks: Use Firefox

I second that - Firefox is the best thing to come along since Opera. There are a few sites that use M$ Active plugins, and don't work with Firefox, but I have boycotted those sites. I use Firefox almost exclusively.

Edit - your clicky is broken. Here's a better one: http://www.mozilla.org/products/firefox/

Trapped on the surface of a sphere. XKCD