  #1 (permalink)  
Old 08-07-2005, 09:27 PM
PrivateInvestigator
Guest
 
ID Theft warning - beware this software!

I got this from one of the discussion groups I am involved in professionally (private investigation). It is currently unsubstantiated as far as I know, but I'd take heed as this came from a professional investigator.

---

AUGUST 05, 2005 (COMPUTERWORLD) <http://www.computerworld.com/> - Officials
at Sunbelt Software, a Clearwater, Fla.-based vendor of antispyware tools,
said the company stumbled upon a massive ID theft ring that is using a
well-known spyware program to break into and systematically steal
confidential information from an unknown number of computers worldwide.
The operation was discovered yesterday during research Sunbelt was doing on
a spyware program belonging to a particularly dangerous class of browser
hijacking tools called CoolWebSearch (CWS), according to Sunbelt's
president, Alex Eckelberry.

CWS programs are extremely hard to detect and remove, and are used to
redirect users to Web sites that use spyware tools to collect a variety of
information from infected computers.

The CWS variant being researched by Sunbelt turned infected systems into
spam zombies and uploaded a wide variety of personal information to a remote
server apparently located in the U.S. That server holds a "treasure trove of
information" for ID thieves, Eckelberry said.

Sunbelt's research showed that the information being uploaded to the remote
server included chat sessions, user names, passwords and bank information,
he said. The bank information included details on one company bank account
with more than $350,000 in deposits and another belonging to a small
California company with over $11,000 in readily accessible cash, he said.

Many of the records being uploaded also contained eBay account information,
he said. Among the highly personal bits of information Sunbelt was able to
retrieve from the server were one family's vacation plans, instructions to a
limo driver to pick up passengers from an airport and details about one
computer user with a penchant for pedophilia.

Sunbelt officials did not say how they accessed the material. But the
existence of a large file that the company said it retrieved from the remote
server was confirmed by Computerworld. Sunbelt said the file contained user
names, addresses, account information, phone numbers, chat session logs,
monthly car payment information and salary data.

"It's one of the most egregious things we have ever seen," Eckelberry said. "We
know this kind of data is out there, but this is the first time we actually
have the data that the criminals are using."

Information gathered from infected computers is uploaded to the remote
server and stored in highly organized files that appear to be accessed by
multiple ID thieves, Eckelberry said. The files grow to anywhere from 10MB
to 20MB in size before they are refreshed with new information, he said.

The FBI has been contacted and is working on the case, Eckelberry said. In
addition, Sunbelt has contacted some of the individuals and banks whose data
has been logged to warn them of the compromise.

The domain of the remote server appears to have been registered in China,
although the server itself is located in the U.S., Eckelberry said. "We are
working to get that server taken down."

He declined to offer more details.

A spokesman for the FBI could not be reached for comment.

Sunbelt's discovery brings home the seriousness and scope of the growing ID
theft problem, said Pete Lindstrom, an analyst at Spire Security LLC in
Malvern, Pa.

"I think this stuff is much more significant than the notification of
[compromises] by credit card companies," Lindstrom said. That's because the
credit card industry as a whole has better controls in place to detect and
prevent abuses resulting from such compromises than individuals, he said.

"This stuff hits home because it's personal. It's like taking something out
of your home," Lindstrom said. "Each and every one of these accounts can be
compromised, and it hurts someone."
  #2 (permalink)  
Old 08-08-2005, 11:59 AM
Paul_KY
Senior Member

Looks like a few folks are going to jail for a very long time.

Gotcha!
__________________
"There's no such thing as impossible. It's a myth. Don't believe it."
  #3 (permalink)  
Old 08-08-2005, 12:34 PM
PrivateInvestigator
Guest
 

With XP and the Google surf bar automatically remembering entered fields like email addresses, credit card info and addresses, it is no wonder the info is easy to get. It isn't even encrypted!