>The following text was found on the net
Thousands of Windows Machines Compromised, Millions at Risk
The implications are staggering. Internet security software company
Sunbelt Software was investigating CoolWebSearch, a spyware package,
when they noticed that stowing away in the CoolWebSearch download were
two trojans, a spam zombie engine, and a keystroke logging program. It
was the keylogger program which took their breath away.
The keystroke logging program, undetectable by current anti-spyware
and anti-virus programs, was scouring their machine for usernames,
passwords, and bank account information, and reporting it back to its
mothership. And what a mothership it was. Or, perhaps, motherlode is a
better term. Following the keylogger’s trail, Sunbelt’s Patrick Jordan
found a massive server, located in Texas, to which thousands of
machines infected with the keylogger were reporting back daily. The
keyloggers were filling up a log file as fast as they could with
usernames, passwords, bank account information, and more. As soon as
one log file would get to a certain size, it would be zipped up and
another would be opened.
Says Sunbelt’s president, Alex Eckelberry, in his blog, “The types of
data in this file are pretty sickening to watch. You have search
terms, social security numbers, credit cards, logins and passwords,
etc.”
Testing some of the data, they found that they had immediate easy
access to personal bank accounts (so far at least 50 banks have been
implicated), where they could have readily withdrawn the money (as,
undoubtedly, the criminals behind this ring are doing as we speak).
“In a number of cases, we were so disturbed by what we saw that we
contacted individuals who were in direct jeopardy of losing a
considerable amount of money. One particularly poignant moment was a
family in Alabama whom I contacted personally last night and warned
them of what was going on. This was a family where the father had just
had open heart surgery, and they had very little money. Everything
personal was recorded in the keylogger – social security numbers,
their credit card, DOBs, login and password info for their bank and
credit card companies, etc. We were able to warn them in time before
they were seriously hurt,” explained Eckelberry on his blog.
The sheer numbers and magnitude mean that there are thousands of
Windows users who have already had their information compromised, and
millions who are potentially at risk. Eckelberry says Windows XP that
has not had Service Pack 2 applied is particularly vulnerable, and they
are testing now to see whether earlier versions of Windows may also be
at risk.
Said SpywareWarrior’s Suzi Turner, “I personally saw the site and it
made me feel physically ill. It’s one thing to read about such things
online or in the newspaper, but to see it live is devastating.”
So what to do?
In an exclusive (and quick!) interview with Aunty Spam, Eckelberry
offered this advice:
“I can’t emphasize strongly enough to Aunty Spam’s readers how
critical it is that they make sure that they are updated to the latest
Windows security patches asap – as getting patched will significantly
reduce your chances of getting infected with this trojan.
A software firewall will help but is not a panacea, as one thing this
trojan does is use RunDLL to execute its commands – something that is
usually allowed by users on firewalls. We will be coming out with a
patch in the next 24 hours which will be shared with AV security
vendors, so keep your AV program updated. Knowing if you are infected
is pretty difficult at this point – we had one user who was very
sophisticated and ran a number of scans with various products to no
avail. We’ll be posting more information as we dissect this thing and
will make it available on our blog as soon as we get it.”
On a side note, Eckelberry says that they contacted the FBI when they
first discovered this over the weekend, and the FBI is now actively on
the case. However, to the best of my knowledge, the server is still
up, and keyloggers, perhaps on your computer, are still reporting back
to the mothership.
>This is the link to the source
http://www.aunty-spam.com/millions-of-windows-users-at-risk-by-massive-id-and-bank-account-theft-piggybacking-on-coolwebsearch/