The FBI is investigating.
According to blog postings by Sunbelt Software President Alex Eckelberry, the ring was discovered by researcher Patrick Jordan, an expert on CoolWebSearch (CWS) – a keylogger program that downloads itself onto computers and then collects information about an individual or organisation without their knowledge.
Jordan was investigating a particular CWS exploit when he discovered that the machine he was infecting with the spyware became a spam zombie. He also noticed a call back to a remote server, which he traced, only to find the ID theft ring.
According to Eckelberry, the scale of the information being collected by the ring is "unimaginable". All sorts of data are being uploaded, from bank account details to names, passwords and social security numbers.
“There are thousands of machines pinging back daily. There is a keylogger file that grows and grows, and then is zipped off and then the cycle continues again,” says the posting. “The server is in the US, but the domain is registered to an offshore entity.”
