Software developed by pros, so thieves need no training
BRIAN KREBS
Sun
ONLINE FRAUD | When Graeme Frost received an e-mail notice that an expensive camera had been charged to his credit card account, he immediately clicked on the Internet link included in the message that said it would allow him to dispute the charge.
As the 29-year-old resident of southwestern England scoured the resulting Web page for the merchant’s phone number, the site silently installed a password-stealing program that transmitted all of his personal and financial information.
Frost is just one of thousands of victims whose personal data has been stolen by what security experts are calling one of the more brazen and sophisticated Internet fraud rings ever.
The Web-based software employed by ring members to manage large numbers of illegally commandeered computers is just as easy to use as basic commercial office programs. No knowledge of computer programming or hacking techniques is required to operate the software, which allows the user to infiltrate and steal financial information from thousands of PCs simultaneously.
The quality of the software tools cyber criminals are using to sort through the mountains of information they’ve stolen is a clear sign that they are seeking more efficient ways to use stolen data, experts say.
“We believe this to be the work of a group, not a single person,” said Vincent Weafer, senior director of security response at Cupertino, Calif.-based computer security giant Symantec Corp.
The data thieves use the IE flaw to install programs known as “keyloggers” on computers that visit the specially coded Web pages. The keyloggers then copy the victims’ stored passwords and computer keystrokes and upload that information to a database.