Servers keep churning in ID theft case
Security firm Sunbelt warns that personal information is still being gleaned from infected machines.
Eric Sites, the vice president of research and development at Sunbelt, said Wednesday that some of the Web servers involved in the operation are still operational and continuing to gather personal data from machines that have been infected with the malicious code responsible for the identity theft.
"Some of the Web servers have been shut down, and we are still working with the FBI to investigate others," Sites said. "Information is no longer being sent to the one (server) we initially reported on, but there are other variants of this (the malicious code) that send data to other Web sites--these are also being investigated by FBI."
The Secret Service is providing support to the FBI in this investigation, Sites said.
Sunbelt initially contacted individual people who had been affected by the identity theft ring, but Sites said it is no longer doing this as the company has "collected so much information that it is impossible to go through one by one."
Instead, Sunbelt has sent a list of account holders who have been affected to credit card providers Visa and MasterCard, as well as to online auction site eBay and its Internet payment system PayPal. It is currently working on sending a similar list to credit card providers Discover and American Express, and will send another list to eBay and PayPal, as it has since gathered more information on the people who have been affected, Sunbelt said.
Once this is completed, Sunbelt will send a list of account holders affected to various banks. The customers of more than 50 banks have been affected by this identity theft ring, said Sunbelt in an earlier interview.
Companies and individuals can protect themselves against the keystroke logger involved in this identity theft ring by downloading a free tool from the Sunbelt Web site.
Ingrid Marson of ZDNet UK reported from London.