Data including credit card numbers, Exploit Prevention Labs, said in an interview Wednesday., and log-in names and passwords of thousands of individuals from Australia and the U.S. has already been collected in the scam, Roger Thompson, chief technology officer at security software maker
The attacks involve e-mail messages that at first glance appear to befrom services like Yahoo or Blue Mountain, Thompson said. Clicking on the link to view the card, however, first sends the target to a malicious Web site that tries to silently install software that logs the user's keystrokes, he said. After that the card is displayed.
"It is really quick, nobody notices it," he said. "Unless you actually look at the source of the e-mail and say, 'Hang on, this is a redirect,' you wouldn't actually see it."
The miscreants use a flaw in Microsoft's Windows operating system to drop the spy software and a rootkit to hide it on PCs, Thompson said. Windows users who have installed the MS06-014 patch, released in May, are not vulnerable to this particular silent drive-by installation of malicious software.
The attacks appear to have started in April with a new wave of malicious e-mail messages sent out every week. Each week the attackers appear to collect a 200MB file with freshly capture information from a server, Thompson said. He was able to identify the server and reported the matter to Australian and U.S. authorities, he said.
So far, Exploit Prevention Labs has been able to identify that customers at nearly every Australian bank were compromised, it said in a statement. The cybercrooks have also targeted individuals in North America, Europe and Asia using a variety of e-card services, the company said.