Computer Crime Research Center


A huge spyware ring revealed, Sunbelt Software

Date: August 13, 2005
Source: Computer Crime Research Center
By: CCRC staff

Companies and individual Internet users can now protect themselves against a dangerous piece of malware which steals personal information such as credit card and banking details.

Security firm Sunbelt Software discovered a huge identity-theft ring late last week. On Thursday, it announced it has developed protection against the keylogger responsible, called Srv.SSA-KeyLogger, which was discovered during research into a piece of spyware called CoolWebSearch.

Srv.SSA-KeyLogger secretly steals data from users' Internet sessions, including logins and passwords from online banking sessions and from Web sites such as eBay and PayPal, which use HTML forms to collect personal information.

Sunbelt says it has now issued an update for its consumer CounterSpy anti-spyware product that offers protection against Srv.SSA-KeyLogger. Companies who use CounterSpy Enterprise will receive updates within the next few days, once testing is completed.

Those who use anti-spyware products from other security companies should not have long to wait until they are protected — Sunbelt says it is "sharing data on the keylogger with other major security companies to ensure the industry has the information necessary to react rapidly to this threat."

Sunbelt is also offering, on its Web site, a free tool that detects and removes the keylogger.

"This is a very dangerous piece of spyware and we urge users to scan their computers immediately to see if they are infected," says Alex Eckelberry, president of Sunbelt Software, in a statement.

It's thought that Srv.SSA-KeyLogger has only been operating for a couple of weeks. The FBI is understood to have launched an investigation.

Eric Sites, the vice-president of research and development at Sunbelt, told ZDNet UK earlier this week that the malware has stolen confidential details from customers of at least 50 different banks.

Sunbelt has contacted some of the affected individuals to warn them their personal details had been exposed. It has also informed the FBI. It remains unclear whether the keylogger is directly related to CoolWebSearch (CWS). Sunbelt advises consumers to use a personal firewall to prevent the keylogger from "phoning home".

The use of keylogging software on an industrial scale is rare but not unprecedented. Malware can be programmed to send sensitive information back to designated servers, in some cases logging into the servers using passwords written into the viral code. Security researchers who are able to reverse engineer such malware can extract this password and location information and use it to monitor hacker activity.
