Online ID Theft Ring Uncovered
Sunbelt on Monday advised computer users to ensure that they are running an outbound firewall to prevent themselves from becoming victims of a massive identity theft ring that is gathering personal information from "thousands of machines" according to the company's research.
The FBI is also stepping in, and is currently looking through data sent to it by Sunbelt.
The company first revealed its findings in a post to its Web log last Thursday. The research team was able to obtain the personal information of consumers including bank account numbers and PINs, usernames and passwords, and even instant messaging chat sessions.
"We're sitting upon literally thousands of pages of stolen identities that are being used right now," Sunbelt President Alex Eckelberry wrote at the time.
Sunbelt spyware researcher Patrick Jordan is being credited with the discovery. According to Eckelberry, Jordan was doing research on a CoolWebSearch exploit when he discovered a "keylogger." Keyloggers are small applications that record all keystrokes and then send the data to a central location.
"The scale is unimaginable," Eckelberry wrote. "There are thousands of machines pinging back daily." He said the server on which the data is being stored is in the US; however, the domain is registered to an offshore entity.
Sunbelt has contacted several people on whom the keylogger had collected a great deal of information, but said there was not much it could do without bringing in external resources. Eckelberry hoped law enforcement would start alerting victims.
Eckelberry recommends users ensure they have an anti-virus and firewall program installed. "Get a software firewall in place that has outbound protection. Try Sygate's free one. An antispyware or antivirus program will not likely have caught this thing," he wrote on Monday.
He also recommended that users who discover they are infected call "your banks, paypal, eBay, credit card companies, whatever" and report it. Disconnecting from the Internet and seeking professional help to clean the machine is also recommended.
Security expert Suzi Turner wrote on Friday in the Spyware Warrior Web log that seeing the actual data made her "physically ill."
"It's one thing to read about such things online or in the newspaper, but to see it live is devastating. I don't know, and I don't know if anyone knows at this point, how many people might have been affected and had their information logged."