Monday, August 08, 2005 - Posts

Spyware and Identity theft, it's a very real reality.

Saw this on NeoWin today...

Researchers from a little-known security software company named Sunbelt Software have seemingly uncovered a criminal identity theft ring of massive proportions. According to one of their employees, Alex Eckelberry, during the course of one of their recent investigations into a particular Spyware application—rumored to be called CoolWebSearch—they've discovered that the personal information of those "infected" was being captured and uploaded to a server.

Updated (08/06/2005 4:24PM CDT): I've received a little bit more information on what's going on from the employees of Sunbelt Software. What follows is more or less the exact email I received from Alex Eckelberry:

Basically, it went like this:

Patrick Jordan, our CoolWebSearch expert, was doing research on a CWS exploit. During the course of the research, he discovered that a) the machine he was testing became a spam zombie and b) it sent a call back to a remote server. He traced back the remote server and found what you have heard about.

The scale is unimaginable. There are thousands of machines pinging back in a day. There is a keylogger file that grows and grows, and then is zipped off and then the cycle continues again.

It is sophisticated. There are nifty little PHP scripts that help the criminals get reports. There is a special upload area.

Additional read and extra information

Make sure you don't get caught out. Install Ad-Aware, AntiSpy or SpyBot (what I use) to keep yourself clean.