Sunbeltblog comments

Gravatar Holy hell in a handbasket. Bravo for tracking this massive bugger down, and keep it coming -- I'm going to be watching this case for a while. As a technical support advisor, CWS has been the cause of major headaches for me for a long, long time, and I'm definitely not surprised it's responsible for many cases of identity theft. I'll be keeping a major eye out for the program and helping my clients get rid of it; I wish you and the FBI the best of luck in getting this ring identified, prosecuted, and shut down.


Gravatar Ye gods. The previous post didn't imply CWS, but it seems they (or their affiliates) are behind this indeed. That's not good for their business - at all. Heh.


Gravatar Good post Alex. That's why I don't do my bills online!


Gravatar You would have done people a bigger favor if you had kept mum about it and just passed it on to the FBI, Secret Service..... Excepting the family in Alabama.

Now the bad guys will soon find out they are being watched, and go into hiding.

ED: Actually, given the circumstances, we didn't have much choice. Trust me on that one.

Edited By Siteowner


Gravatar Nice work catching this! I'm curious why you would recommend a software firewall as the best protection against this sort of threat, though. A software firewall has its uses, but all it takes is one ill-advised click on the "Allow" button and the spyware is back in business. Even experienced computer users have to wrestle with the tendency to click "Allow" without thinking it through.

I know you don't want to exploit this matter and turn it into an advertisement for CounterSpy, but I should imagine a spyware scanner is the best fix for a spyware problem. Is it possible to say "There are many good spyware scanners out there -- we even produce one -- and we recommend installing one or more, and running frequent scans"?


Gravatar Something doesn't add up. Why would such a successful spyware operation bother to modify the search home page and thus expose itself?

-d


Gravatar I don't think we've ever said that the keylogger modifies the search home page. It makes a call back to a remote server which is undetectable unless you're looking at firewall logs or using a sniffer.


Gravatar There needs to be a second layer of knowledge-based authentication. Lots of companies are moving towards a young company called Verid from what I hear.


Gravatar I have to wonder if they are behind the planting of dialer viruses, and phishing too. Here in Madison, Wisconsin, people are being targeted by phone and email phishing, and are losing *everything*: savings, checking, IRAs. They take it all, and Russia keeps coming up as the culprit. I'm wondering if maybe some of the people on file as being bilked with the Madison Police Department aren't in that database. You might want to contact them.


Gravatar I used to think that these people were in the business of making me money; spyware removal.

Things are getting a bit out of hand and I have been more active in promoting Firefox and telling my customers (and friends) that 'no, Yahoo is not really going to pay you $300' and that clicking on anything is just not done.

I think I saw this keylogger on my wife's computer a few months ago. I reformatted the hard drive and she lost everything.

Now, I don't feel as bad about that.


Gravatar I was recently updating my mother's computer, and Zone Labs Firewall kept alerting to a key logger in Yahoo's Messenger. Does anyone know what this is about?


Gravatar It could very well be a false positive. If you want help with ZA, go to castlecops.com. They are an excellent user resource.


Gravatar Alex;

Have you considered starting up a volunteer force to notify victims?

Don't know if folks who read the blog would do it, or if you should even ask, but I do know that AARP has recruited seniors to help other seniors battle telemarketing fraud -- maybe someone there can hook you up with a "grey" army for this.

Seems like it could help a lot of folks like that family in Alabama.

Just a thought.


Gravatar It's certainly something we've considered...


Gravatar I can't get into my keylogger because I am a user


Gravatar Ivan -- my Spanish is simply not good enough for this. We have Spanish speakers in support. Email support@sunbelt-software.com

