A Florida-based anti-spyware company says it has uncovered an identity theft ring that is "staggering in its proportions."
The warning came the week Microsoft released its latest security patches for Windows, including three to fix critical vulnerabilities Microsoft says "could allow an attacker to take complete control of an affected system."
Sunbelt Software CEO Alex Eckleberry says one of his researchers came across a trove of stolen data as the company was investigating a "fairly routine" spyware infestation.
In an interview, Eckelberry said "we saw a remote call back to a remote server executed while we were working on the infestation." When they traced it back to the server, they were able to "tap into a tremendous amount of information stolen from people's computers." Data included passwords, bank account information as well as information from Paypal and eBay accounts. It affects users of Microsoft Internet Explorer — the Internet browser that comes with Windows. He described the malicious software that steals the information as "very, very sophisticated."
The CEO of Sunbelt Software tells Larry Magid the data collected is "staggering in its proportions." Click here to listen to the interview
Eckelberry says that this is a different type of Trojan than has been discovered in the past because of the way it sends data back to the server. "To our knowledge, it's the first of its kind," he wrote on his blog.
Eckelberry emphasizes that this is not a ploy to get people to buy his product because "anti-spyware or antivirus programs will likely not catch it. So, if you think I'm trying to sell CounterSpy through this news, find another conspiracy story to go after." He says that his company contacted the FBI, with details about the alleged break-ins.
An FBI spokeswoman in Tampa says the agency is "aware of the information" but would not confirm or deny that an investigation is underway.
Regardless of what is eventually found out about this story, there is no question that people can be left vulnerable to ID theft by malicious software that winds up on their computer.
Fortunately, there are things you can do to greatly minimize the chances of being victimized by this or other types of attacks. First, you should be sure that your machine has been updated with the latest Microsoft Windows patches.
Microsoft's latest security patches, released Tuesday, correct problems including vulnerabilities within Internet Explorer.
There are also vulnerabilities in the "plug and play" code and the print spooling service that can also allow an attacker to take control of a user's PC. The software giant is urging Windows users to download and install the latest fixes, which can be found at windowsupdate.microsoft.com (you must use Internet Explorer to access this site).
If you haven't already done so, you should download Windows XP Service Pack 2, which includes a number of security features, including a rudimentary but useful built-in firewall that helps protect you against intruders.
For better firewall protection, it's best to install a more robust third party program including free personal firewall programs from Sygate and ZoneAlarm or more complete Internet security programs from TrendMicro, Symantec, McAfee, ZoneAlarm and other security companies.
Eckelberry adds that although an anti-spyware program may not have protected users against this particular situation, it is nevertheless a very good idea to install anti-spyware software. Free programs are available from Microsoft, Spybot and LavaSoftUSA and commercial programs are available from most PC security companies, WebRoot Software and Sunbelt Software.
A syndicated technology columnist for nearly two decades, Larry Magid serves as on air Technology Analyst for CBS Radio News. His technology reports can be heard several times a week on the CBS Radio Network. Magid is the author of several books including "The Little PC Book."
By Larry Magid