Complain about a product or service

IT Firm Uncovers Identity Theft Scam

By Martin H. Bosworth
ConsumerAffairs.com

August 23, 2005
A routine study of a malicious spyware program led an Internet security company to a vast identity-theft criminal enterprise.

The perpetrators used a "keylogger" program to infiltrate users' systems, record their passwords, and feed the information back to a central server. The scammers were able to gain access to thousands of individuals' bank account numbers, credit card numbers, and other vital personal information.

Eric Sites, vice president of research and development for Clearwater, FL-based Sunbelt Software estimates that at least 27,000 personal computers may have been infected.

Patrick Jordan, a Sunbelt employee, was performing an examination of the infamous "CoolWebSearch" spyware program when he noticed the machine he was using sent a notification to another machine.

He traced the notification back to a remote server somewhere in the United States, and was shocked to find it contained records of "passwords for online accounts from 50 banks, eBay and PayPal logins, hundreds of credit card numbers and reams of personal data," according to BBC News.

Sites himself has seen individuals' retirement plans, "investments from Fidelity…all kinds of sensitive stuff."

Alex Eckelberry, president of Sunbelt, posted a warning regarding the virus on his blog on August 4th and notified the FBI of the ring's existence.

Eckelberry personally contacted several individuals and families whose information was stolen by the identity thieves. The company has been creating special programs to track down and identify the stolen credit card numbers and send them to the major credit companies, with similar plans being developed for banks, as well as PayPal and eBay.

Since the initial discovery, Sunbelt's staff has discovered four variants of the spyware program, which appear to have been utilized by the same people. The server is located in the United States, but the program appears to originate somewhere in Russia.

The "keylogger" program, called "Srv.SSA-KeyLogger", steals information by recording and logging everything a user types on their keyboard. This particular keylogger is part of a Trojan spyware program that infiltrated computers through the Microsoft Internet Explorer browser, and copied information stored in the Windows "AutoComplete" feature, such as private passwords and account numbers.

According to Sites, "everything you've done on your computer" can be found in this file.

Sites also strongly recommended that Windows users install the latest security updates and patches to their software. "None of [the infected computers] had Service Pack 2 on them, and most didn't have Service Pack 1," he said. "Just use the updates and you'll be all right."

Of course, one of the best defenses against spyware -— particularly browser-related spyware -- is the Mozilla Firefox Web browser. In this case, Firefox does not possess the flaw that renders computers using Internet Explorer vulnerable to the keylogger program.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Share		Follow us on Twitter.

Back to the top |