LandzDown Forum

Software & More => Web News => Topic started by: Corrine on July 27, 2005, 01:27:07 PM

Title: Webhelper News!
Post by: Corrine on July 27, 2005, 01:27:07 PM
Yes, friends, this is the same Webhelper who is a member of the LzD family.  Webhelper's work has been recognized, quoted and linked to all over the world and in many languages.

Now that the word is out, I can publicly congratulate you.  Patrick, my friend, you know I couldn't be happier for you.

(PRWEB) - Clearwater, FL (PRWEB) July 27, 2005 -- Sunbelt Software, a leading provider of Windows security solutions, is pleased to announce that renowned spyware researcher, Patrick Jordan, has joined Sunbelt Software as a Senior Spyware Research Analyst.

Jordan, also known as "webhelper" to the antispyware community, will provide research expertise to help identify and remove some of the most difficult spyware strains such as VX2/Transponder and CoolWebSearch.

Jordan brings a plethora of technology and research experience to Sunbelt, having managed and participated in many of the security forums dedicated to spyware research, detection and removal, including his own site. His experience in revealing the malicious mechanisms that transponder spyware uses to propagate itself has been beneficial to the antispyware community, particularly exposing practices by spyware authors that develop applications such as CoolWebSearch.

His expert research over the last several years on adware and spyware provides a firm foundation for accurate and reliable research testing that ultimately enables Sunbelt to continue to provide one of the best spyware threat databases in the industry.

"Patrick understands the issues and challenges that computer users face every day when it comes to spyware," said Alex Eckelberry, president of Sunbelt Software. "A walking encyclopedia of knowledge on some of the most pernicious spyware threats, he is an extraordinarily valuable addition to our research team."

"Being a part of a rapidly expanding security software developer and practicing spyware research is exciting," Jordan said. "There's definitely a buzz in the industry right now about Sunbelt, and I'm thrilled to be a part of it."

About Sunbelt Software
Headquartered in Tampa Bay (Clearwater), Fla., Sunbelt Software was founded in 1994 and offers product solutions to protect and secure systems from costly inefficiencies including spam, spyware, system downtime and security vulnerabilities.

Sunbelt Software is part of the Sunbelt International Group, which includes Sunbelt Software and Sunbelt System Software in Europe. The Sunbelt System Software group has offices in the UK, France, Belgium, Sweden and Germany.

Copyright © 2005 Sunbelt Software, Inc. All rights reserved. All trademarks used are owned by their respective companies.
Title: Re: Webhelper News!
Post by: Corrine on July 27, 2005, 02:57:03 PM
I love Canuk's write up on his website: CyberNews4You
Title: Re: Webhelper News!
Post by: roddy32 on July 27, 2005, 07:31:40 PM
Excellent  :thumbsup: Congrats to Patrick.  :)
Title: Re: Webhelper News!
Post by: Corrine on August 08, 2005, 05:12:11 PM
I cannot believe I forgot to post this here!   :oops:


Massive identity theft ring

In some recent research into a spyware exploit, our research team has discovered a massive identity theft ring.

We also found the keylogger transcript files that are being uploaded to the servers.

This is real spyware stuff -- chat sessions, user names, passwords, bank information, etc. We have confirmed that this data is valid. Highly personal information, including even one fellow who has a penchant for pedophilia -- all logged in detail and returned to a webserver.

Note that there is a LOT of bank information in here, including one company bank account with over US$350,000 and another small company in California with over $11,000 readily accessible. This list goes on and on and on. Of course, there's also eBay accounts and much more.

Most importantly from our personal viewpoint: 

Identity Theft Update

An update on the massive identity theft ring we discovered earlier. The FBI has responded to us and they are working on the case. It looks like they were working on the case after we originally sent the data in, but we didn't get any response from them at the time indicating they had received our data.

I will be providing more later as well as some (redacted) samples of what the files look like.

This was discovered by Patrick Jordan, a senior staff researcher here. Patrick is a veteran of spyware, and even he admits to never having seen something like this before. It’s pretty staggering.

Alex Eckelberry

In case you didn't know, Patrick Jordan is our wonderful Webhelper!!!

Members of the security community have been asked to spread the following message:

If anyone suspects they have been affected by this they need to immediately do the following:

Disconnect from the Internet, contact all their banks and credit card companies immediately. Change passwords to all email and online accounts and seek help to clean their computers before going online again.

See additional story here:,10801,103737,00.html
Title: Re: Webhelper News!
Post by: mitch on August 08, 2005, 09:08:20 PM
and it has worked its way to c-net news too !!!!!

Title: Re: Webhelper News!
Post by: Corrine on August 08, 2005, 09:09:13 PM
Mike Healon issued a special edition of his newsletter:

Financial Passwords and Credit Card Numbers Stolen From Thousands of Machines

There is more information about the identity theft operation I reported late Saturday.

Patrick Jordan, a researcher for Sunbelt, maker of Counterspy antispyware, made the discovery while investigating a new variant of the CoolWebSearch browser hijacker. After this variant was running on his test machine, Jordan discovered that it had downloaded and installed surveillance spyware.

This as-yet-unidentified spyware logs instant message and other chat activity, the web addresses visited by the victim, user names and passwords the victim uses to log into various web sites, as well as information filled out on web site forms. The spyware also accesses Microsoft's Internet Explorer "Protected Storage", which is where Internet Explorer stores information and passwords entered into web forms.

Once this information has been collected, it is transmitted to a remote web server over the internet. Once transmitted to the server, the information is dumped into an unencrypted file. Anyone who knows the address of this server can view this file. One bank account, whose complete access information has been stored on this remote server, is worth over $350,000.00 USD.

The personal information of thousands of victims is being written to this file on a continuing basis. Sunbelt has been monitoring the file and has discovered that the information it contains is being compressed and archived at regular intervals. The file then is reset to blank so that more information can be written to it.

It is not, as was first reported here and elsewhere, the CoolWebSearch software itself that is stealing this personal information. Rather, the spyware is downloaded and installed by this particular variant of CWS after it is running on the victim's machine. There are two known versions of this spyware. It is unknown at this time whether or the affiliate responsible for this variant have access to the spyware or the information that it is collecting.

The FBI as well as the US Secret Service are investigating. Neither organization will comment on the matter.

If you suspect that you have this spyware installed, you are urged to install a firewall immediately, then block all outbound access to the internet. Kerio and ZoneLabs both make excellent software firewalls. Then you should contact your bank and credit card companies. Following that, log in from an uninfected machine and change all passwords on web sites where you have an account.

If you determine for a fact that this or any other spyware is installed on your computer and that your financial accounts have been compromised, you should contact your local police department. They should put you in contact with any Federal agency investigating the crime.

We are continuing to update our news section with related stories as we see them.
Title: Re: Webhelper News!
Post by: Totro on August 11, 2005, 06:51:34 AM

Latest Press Release ....

"Sunbelt Software Issues Immediate Protection for Harmful Keylogger

Company to update CounterSpy family of programs to scan and detect Srv.SSA-KeyLogger and will provide a free scan and remediation tool ....."

Sunbelt is about to issue a free tool to detect this so stay tuned to the Sunbelt Blog site

Title: Re: Webhelper News!
Post by: EASTER on August 11, 2005, 09:26:43 AM
Very useful information and details indeed. Reading thru some of those articles is somewhat disturbing how very stealthy criminals are getting thru use of internet & PC technology. Another new example that should yet serve to continue to remind us ever so much, how very important it is to be constantly alert & vigilant in how we handle day to day communications with our machines and keep them protected as best we can.
Title: Re: Webhelper News!
Post by: roddy32 on August 11, 2005, 11:02:03 AM
PCWorld also had an article about this yesterday which is a repeat of the above but also has a link for a tool to detect what information is accessible.,aid,122176,00.asp

The tool doesn't detect any malware but it shows what is vulnerable.

Sorry if this was in one of the above posts, I might have missed it.
Title: Re: Webhelper News!
Post by: EASTER on August 11, 2005, 11:39:02 AM
The tool doesn't detect any malware but it shows what is vulnerable.

Yep, interesting: Keyloggers have always been a choice tool used to spy into others' personal data usually on single machines, bundled trojans to monitor remote machines, etc. Looks like those who were pointed out in the articles above have taken that a step further and mass release them with common spyware then collect the info in their own database then likely examine the returns and then target unsuspecting victims.




Title: Re: Webhelper News!
Post by: roddy32 on August 11, 2005, 11:41:57 AM
Scary thoughts for sure.