Tuesday, February 21, 2006

Invasion of the Computer Snatchers

Brian Krebs has a fantastic slice-of-life article on a hacker who is paid to install spyware.
A small dog with matted fur enters the living room and winds through 0x80's feet. 0x80 gives the dog a gentle shove with his foot, without even looking up from his laptop. He furiously stabs at the keyboard with his two forefingers, punching out a short command that produces a mesmerizing blur of black-on-white text that scrolls up the computer screen at several pages per second. 0x80 makes it halfway through a cigarette before the text flying across the screen finally stops. The command he typed -- "pstore" -- is short for "password store." On the screen in front of him is a listing of every user name and password that the owner of each infected computer has stored in the Microsoft Internet Explorer Web browser on his or her computer.

A quick scroll through the first few dozen pages of the file reveals credentials his victims have used to log in to online accounts at PayPal, eBay, Bank of America and Citibank, to name just a few. Many of the Web sites for which user names and passwords are stored are harmless, such as sports or hobby sites. Others are potentially far more revealing, such as hard-core sex and fetish Web sites. 0x80 has also found credentials for thousands of e-mail accounts, including dozens at ".mil" and ".gov" (U.S. military and government) addresses.
I'm now forwarding the article to every one of my non-technical friends and family who I've had to berate and cajole over the years into keeping their computer fully patched.

(Picture of a broken computer from this inexplicable Norwegian site.)


Post a Comment

Links to this post:

Create a Link

<< Home

Blog Flux Directory