Quake3World

Posted: **Tue Aug 09, 2005 9:26 pm**

Using the CoolWebSearch spyware to get all your personal stuff:

http://www.pcworld.com/news/article/0,aid,122149,00.asp

The CWS variant being researched by Sunbelt turned infected systems into spam zombies and uploaded a wide variety of personal information to a remote server apparently located in the U.S. That server holds a "treasure trove of information" for ID thieves, Eckelberry says.

Sunbelt's research showed that the information being uploaded to the remote server included chat sessions, user names, passwords and bank information, he says. The bank information included details on one company bank account with more than $350,000 in deposits and another belonging to a small California company with over $11,000 in readily accessible cash, he says.

Many of the records being uploaded also contained EBay account information, he says. Among the highly personal bits of information Sunbelt was able to retrieve from the server were one family's vacation plans, instructions to a limo driver to pick up passengers from an airport, and details about one computer user with a penchant for pedophilia.

Sunbelt officials did not say how they accessed the material. But the existence of a large file that the company said it retrieved from the remote server was confirmed by Computerworld. Sunbelt says the file contained user names, addresses, account information, phone numbers, chat session logs, monthly car payment information, and salary data.

"It's one of the most egregious things we have ever seen," says Eckelberry. "We know this kind of data is out there, but this is the first time we actually have the data that the criminals are using."

Information gathered from infected computers is uploaded to the remote server and stored in highly organized files that appear to be accessed by multiple ID thieves, Eckelberry says. The files grow to anywhere from 10MB to 20MB in size before they are refreshed with new information, he says.

Of course everybody who knows anything already suspects this type of thing going on, but like the guy said - to actually know where, how much and what kind of information is being stored and used is pretty scary.

Posted: **Tue Aug 09, 2005 9:38 pm**

Speaking of ID theft...i went to get an official birth certificate today (i needed one because somehow the social security office has the wrong birthdate entered for me). I got the certificate by filling out a simple form - needed absolutely no id, no social security #....i was a bit surprised..

Posted: **Tue Aug 09, 2005 10:03 pm**

tnf wrote:Speaking of ID theft...i went to get an official birth certificate today (i needed one because somehow the social security office has the wrong birthdate entered for me). I got the certificate by filling out a simple form - needed absolutely no id, no social security #....i was a bit surprised..

That's reassuring. Look at the bright side though - you could be famous when the next terrorist uses your name to get his visa before crashing into the space needle!

Posted: **Tue Aug 09, 2005 10:04 pm**

riddla wrote:I've run into tons of PCs with coolwebsearch installed by a lazy user who just clicked yes when a webpage asked if it was ok

Yea I've seen it all over the place too. I have to wonder which variant(s) of it are doing this, and how many of them I've seen have been uploading data the whole time.

Quake3World

ID Theft Ring Discovered?

ID Theft Ring Discovered?