
Title: ID theft spyware scam uncovered
Source: BBC
URL Source: http://news.bbc.co.uk/1/hi/technology/4173218.stm
Published: Aug 23, 2005
Author: Mark Ward
Post Date: 2005-08-23 07:29:12 by Zipporah
Keywords: uncovered, spyware, theft
Views: 114
Comments: 10


[Image: Online banking login screen, BBC. Caption: Accounts at 50 banks are in danger of being plundered]

Thousands of computer users have been caught out by a huge ID theft ring.

Security firm Sunbelt Software said it stumbled across a US-based server storing megabytes of data stolen from compromised computers while researching spyware infections.

The server held passwords for online accounts from 50 banks, Ebay and Paypal logins, hundreds of credit card numbers and reams of personal data.

The FBI has reportedly now started investigating the ring of ID thieves.

Hidden data

The bug that has stolen all the data is thought to be a variant of a family of trojans known as Dumaru or Nibu that exploit a vulnerability in Microsoft's Internet Explorer browser.

The trojan, a malicious piece of code, automatically downloaded itself on computers when people visited sites harbouring the program.

[Image: AutoComplete settings, Microsoft]

The hidden payload in this bug is a keylogger that grabs a copy of everything a user types.

What made this bug so effective was its ability to grab text stored on the clipboard and by Internet Explorer, said Eric Sites, vice president of research and development at Sunbelt Software.

Microsoft's browser has a feature, called AutoComplete, that automatically populates boxes on web forms where people typically fill in names, addresses, e-mail addresses, credit card numbers and other biographical details.

The feature is supposed to make filling in forms on websites less of a chore. In this case, said Mr Sites, it helped the ID thieves get hold of enormously valuable data.

Typically a keylogger produces a file containing an unbroken string of characters, said Mr Sites.

"It's usually very hard to take that and do anything with it," he told the BBC News website.

By contrast, AutoComplete data is already labelled and sorted because the browser has to know where to put each item.

"The way the data is laid out, the quality of it, it's very easy to go through and use it for nefarious purposes," he said. "This is about getting money and stealing."

Megabytes of data

The BBC News website was shown the server and some of the files containing personal data that it was storing. Each file was full of login names, e-mail addresses, credit card details and everything needed to steal someone's identity or simply empty their bank account.

Analysis of information in the files revealed login details for online services at 50 banks as well as user details for many Ebay and Paypal accounts. One bank account had more than $380,000 in it.

Sunbelt has contacted some of the people identified in the files to warn them that they have fallen victim to the bug. Banks, credit card firms, Ebay and Paypal have been told about compromised accounts.

The server at the centre of the ID theft ring had many multi-megabyte sized files on it, said Mr Sites. The server, which was based in the US, was regularly cleaned out by the thieves who created the trojan.

Infected machines sent files back hourly or when the logs of data they were collecting had reached a certain size.

Browser danger

Mr Sites said that, so far, the trojan had been found on porn sites and websites offering cracks for pirated software. But, he said, the trojan was likely to be on many other websites as it had managed to infect so many users.

Sunbelt believes the trojan has been circulating for about three weeks and in that time has probably infected thousands of victims.

The vulnerability it exploits means that all a user has to do to fall victim is to visit the wrong site.

"Type in a web link and your machine is infected," said Mr Sites. "You do not have to click on anything, the website forces the installation."

Many victims may have no idea that they have been infected.

"This version of the trojan was very successful," he said. "It was very small, hard to detect, the file had a very innocuous name and did not cause any problems to the machine."

The size and sophistication of the ID theft ring led anti-virus and security companies to quickly produce tools that can spot if a machine has been compromised by the server and clean up infected machines.

The trojan was tricky to spot because the files being sent back to the server were disguised as data traffic generated by a user's browser.
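The two upload triggers described above (hourly, or once the collected log reached a certain size) leave a pattern in egress logs even when the traffic looks like browser activity. The following Python is an added example, not part of the BBC article or Sunbelt's tooling: it flags client/destination pairs whose upload-heavy POSTs are evenly spaced or of near-constant size. The log format, host names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample in an assumed proxy-log format:
# time client destination method bytes_sent bytes_received
SAMPLE_LOG = """\
2005-08-22T09:00:05 ws-14 collector.example POST 48210 312
2005-08-22T09:12:40 ws-22 collector.example POST 65540 298
2005-08-22T09:20:11 ws-30 webmail.example POST 912 40877
2005-08-22T09:47:02 ws-22 collector.example POST 65602 301
2005-08-22T10:00:07 ws-14 collector.example POST 51877 309
2005-08-22T10:05:30 ws-30 news.example GET 420 88231
2005-08-22T10:41:19 ws-30 photos.example POST 2000000 512
2005-08-22T11:00:04 ws-14 collector.example POST 20344 310
2005-08-22T11:30:15 ws-22 collector.example POST 65551 300
2005-08-22T11:52:51 ws-22 collector.example POST 65580 299
2005-08-22T12:00:09 ws-14 collector.example POST 77120 311
"""

def cv(values):
    """Coefficient of variation: spread relative to the mean."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0

def find_upload_beacons(log_text, min_events=4, max_cv=0.1, min_ratio=5.0):
    """Return {(client, destination): trigger} for suspicious upload patterns."""
    uploads = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, method, sent, recv = line.split()
        sent, recv = int(sent), int(recv)
        # Keep only upload-heavy POSTs: far more sent than received.
        if method == "POST" and sent >= min_ratio * max(recv, 1):
            uploads[(client, dest)].append((datetime.fromisoformat(ts), sent))
    findings = {}
    for pair, events in uploads.items():
        if len(events) < max(min_events, 3):
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        if cv(gaps) <= max_cv:
            findings[pair] = "timer"  # evenly spaced, e.g. hourly
        elif cv([size for _, size in events]) <= max_cv:
            findings[pair] = "size"   # sent whenever a buffer fills
    return findings

if __name__ == "__main__":
    print(find_upload_beacons(SAMPLE_LOG))
```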


#1. To: Zipporah (#0)

Tell me Nooooooooo.......

Jethro Tull posted on 2005-08-23 8:09:41 ET


#2. To: Zipporah (#0)

The vulnerability it exploits means that all a user has to do to fall victim is to visit the wrong site.

The vulnerability it exploits means that all a user has to do to fall victim is to visit the wrong site with the wrong browser.

(If you see flies at the entrance to the burrow, the ground hog is probably inside)

purpleman posted on 2005-08-23 8:34:44 ET


#3. To: purpleman (#2)

The vulnerability it exploits means that all a user has to do to fall victim is to visit the wrong site with the wrong browser.

Seems so. A family member recently fell victim to someone trying to empty their bank account but this person never uses Explorer and never uses their bank card to do online purchases.. so I have no idea how they got the bank card #.

'Don't Dream It's Over'

Zipporah posted on 2005-08-23 8:47:06 ET


#4. To: Zipporah (#3)

If they wrote fake checks against the account, then it was fairly trivial. They just need an account number (which they might guess semi-randomly knowing the pattern for that bank), plus the bank routing number. Then they can print checks and spend them with a fake ID. They probably don't need a real name. They certainly don't need a real number on the ID (e.g. SSN).

If it was an online transaction, they may have signed up for an online account in your family member's name, or figured out their account info. Some online banks do a very poor job of setting up the accounts. Before a change a year ago, my online banking account was my account# and the last 4 digits of my SSN for a pin. Stupid. Once in an online account, a thief can send a payment to a destination of their choice to buy stuff or maybe even get cash.

(If you see flies at the entrance to the burrow, the ground hog is probably inside)

purpleman posted on 2005-08-23 12:12:52 ET


#5. To: Jethro Tull (#1)

People who run Windows should expect to get every virus, worm, trojan horse and every other digital nasty out there on the internet. Running Windows is like having a virus honeypot on your desktop, IMHO.

Gold and silver are real money, paper is but a promise.

Elliott Jackalope posted on 2005-08-23 12:19:29 ET


#6. To: Elliott Jackalope (#5)

Pardon the computer illiterate question EJ, but this machine comes with XP as the platform. How do I change platforms, and which one is best?

Jethro Tull posted on 2005-08-23 12:28:07 ET


#7. To: Jethro Tull (#6)

Which platform is best? That's a big question with lots of answers. However, I've been using computers for a living since Jimmy Carter was president. I've used more operating systems and proprietary environments and software platforms than you've got fingers and toes. I've owned over a dozen PC's over the last fifteen years. As of now I run only Apple computers running OS X, and my advice to everyone out there is to at least take a good look at what Apple has to offer, and if it makes sense then switch.

I'm not saying Apple computers are perfect or that you'll never, ever have a problem. It's just that I now have way, way fewer problems, like about one where there used to be ten. All in all OS X is very solid and very powerful. If you are not welded to Windows then you really should consider OS X.

Gold and silver are real money, paper is but a promise.

Elliott Jackalope posted on 2005-08-23 12:36:28 ET


#8. To: Zipporah (#0)

The trojan was tricky to spot because the files being sent back to the server were disguised as data traffic generated by a user's browser.

I think this means that a firewall would not catch the outgoing data sent from the user's computer to the server. When you first set up a firewall and then use IE, there is a prompt asking if you want to allow IE to access the internet. You have to select yes so IE can access websites. So the way I read the above statement, the personal data sent from the user's machine to the server will simply be viewed as IE accessing the internet. Since the user gave IE permission to do this, there would be no warning when the user's data was sent out.

Why is it anti-semitic to recognize the counterproductive nature of an alliance with Israel that emboldens them to recklessly oppress Palestinians? Why is it anti-semitic to criticize the spending of US taxpayer money to shore up a garrison state which commenced its existence by "displacing" Palestinians, to the Chagrin of Arabs who are thereby motivated to attack U.S. citizens?

'Because it is.' -Goldi-Lox

Bayonne posted on 2005-08-23 12:40:38 ET


#9. To: Elliott Jackalope (#7)

I'm not saying Apple computers are perfect or that you'll never, ever have a problem. It's just that I now have way, way fewer problems, like about one where there used to be ten.

I've heard this mentioned. I also heard a curious reason why Apple isn’t as vulnerable as Windows. The expert claimed that Apple isn’t inherently safer than MS. Rather, since the MS pool of users is 90% of what Apple is, viruses are designed with this larger target in mind.

I will look into Apple tho. I need a new desktop.

Jethro Tull posted on 2005-08-23 13:07:47 ET


#10. To: Jethro Tull (#9)

Check out this article about Windows and Apples and viruses and all of that. Notice the bit at the end that states that the only problem Apple users had is if they were using a network to store data on Windows machines. Those of us who have banished Microsoft from our operations don't have those problems any longer.

The bottom line is that hackers like to do "big things", things that stand out to their peers and make them look like "elite coders" (or l33t or w00t or whatever it is nowadays). Well, as of now nothing would stand out like writing a nasty virus for the unix world in general, or Apple OS X in particular. That would be the ultimate proof of "elite ability". Yet there has been precious little like that out there, and precious few have been affected.

Remember, unix is the backbone of the internet. All of that "http" stuff you see in your browser window refers to "hypertext transfer protocol", and that all started in the unix world. Think about it, all of those viruses spread around the internet, but they don't kill the machines they are transported on. Isn't that something to make you wonder a little bit?

The bottom line is that Windows is attacked because Windows is vulnerable. If you're a vandal, you've got to think to yourself "why bother to work hard to break into a high-security vault when you could go bust into a tin shed out on the back forty, and wreak considerable havoc in the process?"

Gold and silver are real money, paper is but a promise.

Elliott Jackalope posted on 2005-08-23 15:13:42 ET

