On edit: Other sources seem to be picking up this story. Additional citations at bottom of post.
Massive spyware-based identity theft ring uncovered
8/5/2005 11:13:24 PM, by Clint Ecker
Researchers from a little-known security software company named Sunbelt Software have seemingly uncovered a criminal identity theft ring of massive proportions. According to one of their employees, Alex Eckelberry, during the course of one of their recent investigations into a particular Spyware application—rumored to be called CoolWebSearch—they've discovered that the personal information of those "infected" was being captured and uploaded to a server.
One can only speculate about why someone would do such a thing; the amount of data that could be gathered would almost certainly be daunting for even a few people to sift through and exploit. On the other hand, the researchers at Sunbelt have personally uncovered the personal information of two individuals who, combined, could be taken for well over US$350,000.
The list of stolen information includes not only bank accounts but website passwords, eBay accounts, what sort of adult images you fancy, and, supposedly, even more. The researchers initially had tried in vain to get a hold of someone who could take action on this issue but didn't get a response right away:
We have notified the FBI, but of course no response (too busy doing other more important things). We have notified a few of the parties involved...If anyone has any other ideas, send 'em to us. Right now, we're sitting upon literally thousands of pages of stolen identities that are being used right now.
Good news came today, though, that the FBI had responded and are currently working the case. We've emailed Alex and tried to see if we could get any more details about the whole thing out of him, but at the time of publication, we had not received a response. Hopefully the people who've perpetrated this massive-scale theft of personal data can be quickly caught and brought to justice due to the quick actions of Alex Eckelberry and the researcher who discovered the crime, Patrick Jordan.
More:
http://arstechnica.com/news.ars/post/20050805-5175.html
See also:
Because CoolWebSearch Wasn't Sleazy Enough...
BroadbandReports.com, NY - Aug 5, 2005
Anti-Spyware firm Sunbelt Software "stumbled upon" a massive ID theft ring that had been using a CoolWebSearch variant to dump personal info gleaned from
http://www.broadbandreports.com/shownews/66178
Anti-spyware firm warns of massive ID theft ring
NetworkWorld.com, MA - Aug 5, 2005
... research Sunbelt was doing on a spyware program belonging to a particularly dangerous class of browser hijacking tools called CoolWebSearch (CWS), according to ...
http://www.networkworld.com/news/2005/080505-id-theft.html
Spyware 'calling home' volumes soar
Register, UK - Jul 25, 2005
... The firm said malware such as CoolWebSearch, which hides on an infected client using newly developed root-kit architecture, often evades detection
http://www.theregister.co.uk/2005/07/25/spyware_screening/
<snip>
Around October 2004, many mainstream web servers, including major advertising networks, were hacked by a CoolWebSearch affiliate (apparently using security holes in old versions of PHP and/or OpenSSL via Apache). Visitors to these sites were served with exploits that installed CoolWebSearch variants along with other parasites such as BargainBuddy/BullsEye and /Cashback, BookedSpace, HuntBar/WinTools, FavoriteMan/ATPartners, Look2Me/V3, InternetOptimizer, ISTbar/XXXToolbar, /SideFind, /ActiveX and /YSB, nCase, NeoToolbar, PowerScan, SaveNow/VVSN, SearchMiracle, TIBS (dialler), TopConverting, TopMoxie/WebRebates, WildMedia/WMService and WindUpdates/WinAdTools. Previous CoolWebSearch exploits had also installed some of these, as well as Tubby and OnlineDialer/Ole, zombie botnet clients and even internet banking password-stealing trojans.
Other parasites related to CoolWebSearch and often considered part of the same family include Winshow, SuperSpider, SCAgent, SRE and FreshBar.
More:
http://www.doxdesk.com/parasite/CoolWebSearch.html