Slightly old news...

---Troth

-----Original Message-----
From: newsletter@xxxxxxxxxxxxxxx [mailto:newsletter@xxxxxxxxxxxxxxx]
Sent: Monday, August 08, 2005 5:31 PM
To: charlesmtfnews@xxxxxxxxx
Subject: Spyware Weekly Newsletter :: Special Report

Spyware Weekly Newsletter :: Special Report 8-8-05

The Spyware Weekly Newsletter is distributed every week to 18,100 subscribers and read online by tens of thousands of visitors. This edition of the Spyware Weekly Newsletter is archived permanently at http://www2.spywareinfo.com/2005/08/08/569.

Financial Passwords and Credit Card Numbers Stolen From Thousands of Machines

There is more information about the identity theft operation I reported late Saturday.

Patrick Jordan, a researcher for Sunbelt, maker of Counterspy antispyware, made the discovery while investigating a new variant of the CoolWebSearch browser hijacker. After this variant was running on his test machine, Jordan discovered that it had downloaded and installed surveillance spyware.

This as-yet-unidentified spyware logs instant message and other chat activity, the web addresses visited by the victim, user names and passwords the victim uses to log into various web sites, as well as information filled out on web site forms. The spyware also accesses Microsoft's Internet Explorer "Protected Storage", which is where Internet Explorer stores information and passwords entered into web forms.

Once this information has been collected, it is transmitted to a remote web server over the internet. Once transmitted to the server, the information is dumped into an unencrypted file. Anyone who knows the address of this server can view this file.
One bank account, whose complete access information has been stored on this remote server, is worth over $350,000.00 USD.

The personal information of thousands of victims is being written to this file on a continuing basis. Sunbelt has been monitoring the file and has discovered that the information it contains is being compressed and archived at regular intervals. The file then is reset to blank so that more information can be written to it.

It is not, as was first reported here and elsewhere, the CoolWebSearch software itself that is stealing this personal information. Rather, the spyware is downloaded and installed by this particular variant of CWS after it is running on the victim's machine. There are two known versions of this spyware. It is unknown at this time whether CoolWebSearch.com or the affiliate responsible for this variant have access to the spyware or the information that it is collecting.

The FBI as well as the US Secret Service are investigating. Neither organization will comment on the matter.

If you suspect that you have this spyware installed, you are urged to install a firewall immediately, then block all outbound access to the internet. Kerio and ZoneLabs both make excellent software firewalls. Then you should contact your bank and credit card companies. Following that, log in from an uninfected machine and change all passwords on web sites where you have an account.

If you determine for a fact that this or any other spyware is installed on your computer and that your financial accounts have been compromised, you should contact your local police department.
They should put you in contact with any Federal agency investigating the crime.

We are continuing to update our news section with related stories as we see them.

Links:
http://www2.spywareinfo.com/2005/08/06/546 :: Identity Theft Ring Discovered By Spyware Researcher
http://www.sunbelt-software.com/ :: Sunbelt Counterspy
http://www.kerio.com/kpf_home.html :: Kerio
http://www.zonealarm.com :: ZoneAlarm
http://www2.spywareinfo.com/category/news/cws-id-theft/ :: ID Theft Updates