/ Forside / Teknologi / Internet / Sikkerhed / Nyhedsindlæg
Login
Glemt dit kodeord?
Brugernavn

Kodeord


Reklame
Top 10 brugere
Sikkerhed
#NavnPoint
stl_s 37026
arlet 26827
miritdk 20260
o.v.n. 12167
als 8951
refi 8694
tedd 8272
BjarneD 7338
Klaudi 7257
10  molokyle 6481
Her er lidt læsestof, og det er ikke hygge~
Fra : Jørgen Rasmussen


Dato : 10-08-05 11:56


>Følgende tekst fundet på nettet

Thousands of Windows Machines Compromised, Millions at Risk


The implications are staggering. Internet security software company
Sunbelt Software was investigating CoolWebSearch, a spyware package,
when they noticed that stowing away in the CoolWebSearch download were
two trojans, a spam zombie engine, and a keystroke logging program. It
was the keylogger program which took their breath away.

The keystroke logging program, undetectable by current anti-spyware
and anti-virus programs, was scouring their machine for usernames,
passwords, and bank account information, and reporting it back to its
mothership. And what a mothership it was. Or, perhaps, motherlode is a
better term. Following the keylogger’s trail, Sunbelt’s Patrick Jordan
found a massive server, located in Texas, to which thousands of
machines infected with the keylogger were reporting back daily. The
keyloggers were filling up a log file as fast as they could with
usernames, passwords, bank account information, and more. As soon as
one log file would get to a certain size, it would be zipped up and
another would be opened.

Says Sunbelt’s president, Alex Eckelberry, in his blog, “The types of
data in this file are pretty sickening to watch. You have search
terms, social security numbers, credit cards, logins and passwords,
etc..”

Testing some of the data, they found that they had immediate easy
access to personal bank accounts (so far at least 50 banks have been
implicated), where they could have readily withdrawn the money (as,
undoubtedly, the criminals behind this ring are doing as we speak).

“In a number of cases, we were so disturbed by what we saw that we
contacted individuals who were in direct jeopardy of losing a
considerable amount of money. One particularly poignant moment was a
family in Alabama whom I contacted personally last night and warned
them of what was going on. This was a family where the father had just
had open heart surgery, and they had very little money. Everything
personal was recorded in the keylogger – social security numbers,
their credit card, DOBs, login and password info for their bank and
credit card companies, etc. We were able to warn them in time before
they were seriously hurt,” explained Eckelberry on his blog.

The sheer numbers and magnitude mean that there are thousands of
Windows users who have already had their information compromised, and
millions who are potentially at risk. Eckelberry says Windows XP which
has not had ServicePack 2 applied is particularly vulnerable, and they
are testing now to see whether earlier versions of Windows may also be
at risk.

Said SpywareWarrior’s Suzi Turner, “I personally saw the site and it
made me feel physically ill. It’s one thing to read about such things
online or in the newspaper, but to see it live is devastating.”



So what to do?

In an exclusive (and quick!) interview with Aunty Spam, Eckelberry
offered this advice:

“I can’t emphasize strongly enough to Aunty Spam’s readers how
critical it is that they make sure that they are updated to the latest
Windows security patches asap – as getting patched will significantly
reduce your chances of getting infected with this trojan.
A software firewall will help but is not a panacea, as one thing this
trojan does is use RunDLL to execute its commands – something that is
usually allowed by users on firewalls. We will be coming out with a
patch in the next 24 hours which will be shared with AV security
vendors, so keep your AV program updated. Knowing if you are infected
is pretty difficult at this point – we had one user who was very
sophisticated and ran a number of scans with various products to no
avail. We’ll be posting more information as we disect this thing and
will make it available on our blog as soon as we get it.”

On a sidenote, Eckelberry says that they contacted the FBI when they
first discovered this over the weekend, and the FBI is now actively on
the case. Howewever, to the best of my knowledge, the server is still
up, and keyloggers, perhaps on your computer, are still reporting back
to the mothership.

>Dette er linket til kilden
http://www.aunty-spam.com/millions-of-windows-users-at-risk-by-massive-id-and-bank-account-theft-piggybacking-on-coolwebsearch/



 
 
///M (10-08-2005)
Kommentar
Fra : ///M


Dato : 10-08-05 13:01

Jørgen Rasmussen wrote:
> The implications are staggering. Internet security software company
> Sunbelt Software was investigating CoolWebSearch, a spyware package,

Det giver da i hvert fald opmærksomhed til firmaet der fandt det - - jeg
synes der mangler lidt facts og artiklen bærer meget præg af
"skræmmehistorie".

En søgning på CoolWebSearch gav mange hits, og ja det er ikke software man
lige bør installere for sjov, men der findes nu rigelig med anti-spyware der
kan fjerne det.

Mere info: http://www.spywareguide.com/product_show.php?id=599
Remover: http://cwshredder.net/cwshredder/cwschronicles.html

--
Mvh
///M



Jørgen Rasmussen (10-08-2005)
Kommentar
Fra : Jørgen Rasmussen


Dato : 10-08-05 14:47

On Wed, 10 Aug 2005 14:00:32 +0200, "///M" <nospam@tdcadsl.dk> wrote:

>Jørgen Rasmussen wrote:
>> The implications are staggering. Internet security software company
>> Sunbelt Software was investigating CoolWebSearch, a spyware package,

>En søgning på CoolWebSearch gav mange hits, og ja det er ikke software man
>lige bør installere for sjov, men der findes nu rigelig med anti-spyware der
>kan fjerne det.


Ja coolwebsearch har været kendt længe, det er der såmænd ikke noget
nyt i, det nye er den keylogger som tilsyneladende følger med, og den
ser ud til at være effektiv.



Jørgen Rasmussen (10-08-2005)
Kommentar
Fra : Jørgen Rasmussen


Dato : 10-08-05 22:09

On Wed, 10 Aug 2005 15:47:05 +0200, Jørgen Rasmussen
<dette@erikkeenemailadr.iudu> wrote:

Her er lidt mere om det CWS halløj.

http://netrn.net/spywareblog/archives/2005/08/05/massive-id-theft-ring-discovered/



Kasper Dupont (10-08-2005)
Kommentar
Fra : Kasper Dupont


Dato : 10-08-05 20:54

"Jørgen Rasmussen" wrote:
>
> Following the keylogger?s trail, Sunbelt?s Patrick Jordan
> found a massive server, located in Texas, to which thousands of
> machines infected with the keylogger were reporting back daily.

Hvordan fandt de da lige ud af, hvad der foregik på serveren?

--
Kasper Dupont
Note to self: Don't try to allocate
256000 pages with GFP_KERNEL on x86.

Jørgen Rasmussen (10-08-2005)
Kommentar
Fra : Jørgen Rasmussen


Dato : 10-08-05 21:58

On Wed, 10 Aug 2005 21:53:52 +0200, Kasper Dupont
<kasperd@daimi.au.dk> wrote:

>"Jørgen Rasmussen" wrote:
>>
>> Following the keylogger?s trail, Sunbelt?s Patrick Jordan
>> found a massive server, located in Texas, to which thousands of
>> machines infected with the keylogger were reporting back daily.
>
>Hvordan fandt de da lige ud af, hvad der foregik på serveren?

Ingen ide, men der er måske et html interface til serveren, aner det
ikke.



Søg
Reklame
Statistik
Spørgsmål : 177558
Tips : 31968
Nyheder : 719565
Indlæg : 6408924
Brugere : 218888

Månedens bedste
Årets bedste
Sidste års bedste