card-fraud.com


Software Steals Data - Accounts at over 50 Banks Affected

August 08, 2005

Sunbelt Software, an anti-spyware tools company, said it found a Trojan, downloaded along with a well-known spyware program, that was used to steal confidential information. Accounts belonging to Bank of America, PayPal and over 50 international banks have been compromised by this malicious code. The number of computers affected is estimated at a few thousand.

The spyware program belongs to a dangerous class of browser hijacking tools known as CoolWebSearch (CWS). CWS programs are difficult to detect and are used to redirect users to websites that use spyware tools to collect a variety of information from infected computers.

This particular Trojan would gather personal information from the compromised computer and upload it to a remote server, where it is saved as a file. The Trojan carries out keylogging and gathers information from Internet Explorer's auto-complete function. This data includes any information that has been typed into forms, including usernames and passwords. The files grow to anywhere from 10MB to 20MB in size before they are refreshed with new information. The information uploaded to the remote server included user names, passwords, bank information, credit card numbers, security codes and chat session transcripts. eBay account information and even holiday plans were being uploaded. The files seem to be accessed by multiple ID thieves.

The malicious code is hosted on a Web site that mainly hosts pornography. Users of Windows XP that have not installed SP2 are particularly vulnerable as the code will be automatically. Windows 2000 and Windows ME may also be vulnerable. 

Sunbelt was able to retrieve a large file from the remote server. The file contained user names, addresses, account information, phone numbers, chat session logs, monthly car payment information and salary data. Eric Sites, the vice-president of research and development at Sunbelt, said that Sunbelt had found one customer's credit card number, expiry date and security code as well as their name and address, which would allow anyone to use their credit card.


