[Dshield] Security Software Company Discovers Possible ID-Theft Ring

Roger A. Grimes roger at banneretcs.com
Fri Aug 5 23:45:28 GMT 2005

If you are active in the honeypot community, then you know that things
like this are not rare. The amount of illegal activity occurring on the
Internet on a daily basis would shock most people and would lead to
gov't interference if publicized more. 


*Roger A. Grimes, Banneret Computer Security, Computer Security
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger at banneretcs.com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by
*Author of Honeypots for Windows (Apress)


-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Fergie (Paul
Sent: Friday, August 05, 2005 7:19 PM
To: list at lists.dshield.org
Subject: [Dshield] Security Software Company Discovers Possible ID-Theft

Thomas Claburn writes in InformationWeek:


A Florida security software company says it has stumbled across what may
be a major identity-theft effort.

Sunbelt Software Inc., which makes software used to protect computers
from spyware, says it has discovered a server holding passwords and
other personal information that may have been illegally collected using
keylogging software.

"One of our researchers here, while doing some research for our
anti-spyware tool, came across a server that happened to have a file on
it that turns out to be a log file from a keylogger that's been
deployed, it looks like, all over the world," David Bove, Sunbelt's
director of spyware research, said in an interview.

Bove wouldn't provide more details about how the server was found or
where it's located. Sunbelt has contacted the FBI about the discovery,
he says. The FBI didn't immediately return calls seeking comment.



- ferg

"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet  fergdawg at netzero.net or
fergdawg at sbcglobal.net  ferg's tech blog: http://fergdawg.blogspot.com/

send all posts to list at lists.dshield.org To change your subscription
options (or unsubscribe), see:

More information about the list mailing list