-=PCTechTalk=- FW: Spyware Weekly Newsletter :: Special Report

  • From: ~OoO~ <sirtroth@xxxxxxxxx>
  • To: <pctechtalk@xxxxxxxxxxxxx>
  • Date: Tue, 18 Oct 2005 12:24:51 -0400

Slightly old news...


-----Original Message-----
From: newsletter@xxxxxxxxxxxxxxx [mailto:newsletter@xxxxxxxxxxxxxxx]
Sent: Monday, August 08, 2005 5:31 PM
To: charlesmtfnews@xxxxxxxxx
Subject: Spyware Weekly Newsletter :: Special Report

Spyware Weekly Newsletter :: Special Report 8-8-05
The Spyware Weekly Newsletter is distributed every week to 18,100
subscribers and read online by tens of thousands of visitors. Click here
to subscribe. To unsubscribe from this newsletter, click the link
provided at the bottom of the newsletter. Please read our Terms of Use
for quoting guidelines. Old issues are available online. This edition of
the Spyware Weekly Newsletter is archived permanently at

Financial Passwords and Credit Card Numbers Stolen From Thousands of

There is more information about the identity theft operation I reported
late Saturday.

Patrick Jordan, a researcher for Sunbelt, maker of Counterspy
antispyware, made the discovery while investigating a new variant of the
CoolWebSearch browser hijacker. After this variant was running on his
test machine, Jordan discovered that it had downloaded and installed
surveillance spyware.

This as-yet-unidentified spyware logs instant message and other chat
activity, the web addresses visited by the victim, user names and
passwords the victim uses to log into various web sites, as well as
information filled out on web site forms. The spyware also accesses
Microsoft's Internet Explorer "Protected Storage", which is where
Internet Explorer stores information and passwords entered into web

Once this information has been collected, it is transmitted to a remote
web server over the internet. Once transmitted to the server, the
information is dumped into an unencrypted file. Anyone who knows the
address of this server can view this file. One bank account, whose
complete access information has been stored on this remote server, is
worth over $350,000.00 USD.

The personal information of thousands of victims is being written to
this file on a continuing basis. Sunbelt has been monitoring the file
and has discovered that the information it contains is being compressed
and archived at regular intervals. The file then is reset to blank so
that more information can be written to it.

It is not, as was first reported here and elsewhere, the CoolWebSearch
software itself that is stealing this personal information. Rather, the
spyware is downloaded and installed by this particular variant of CWS
after it is running on the victim's machine. There are two known
versions of this spyware. It is unknown at this time whether
CoolWebSearch.com or the affiliate responsible for this variant have
access to the spyware or the information that it is collecting.

The FBI as well as the US Secret Service are investigating. Neither
organization will comment on the matter.

If you suspect that you have this spyware installed, you are urged to
install a firewall immediately, then block all outbound access to the
internet. Kerio and ZoneLabs both make excellent software firewalls.
Then you should contact your bank and credit card companies. Following
that, log in from an uninfected machine and change all passwords on web
sites where you have an account.

If you determine for a fact that this or any other spyware is installed
on your computer and that your financial accounts have been compromised,
you should contact your local police department. They should put you in
contact with any Federal agency investigating the crime.

We are continuing to update our news section with related stories as we
see them.

http://www2.spywareinfo.com/2005/08/06/546 :: Identity Theft Ring Discovered By Spyware Researcher
http://www.sunbelt-software.com/ :: Sunbelt Counterspy
http://www.kerio.com/kpf_home.html :: Kerio
http://www.zonealarm.com :: ZoneAlarm
http://www2.spywareinfo.com/category/news/cws-id-theft/ :: ID Theft

