A variant of browser hijacking tool CoolWebSearch (CWS) is behind an ID theft ring that uses spyware to steal confidential information from business and home PCs around the world, according to researchers at Sunbelt Software.
The CWS programs redirect users to websites that use spyware tools to collect a variety of information from infected computers. Sunbelt researchers say they have uncovered a CWS variant that turns infected systems into spam zombies and uploads a wide variety of personal information to a remote server located in the US.
A Sunbelt blog on the topic says researchers have viewed content on this server and it includes instant-messaging chat sessions, search terms, social security numbers, credit cards, logins and passwords.
Sunbelt has released limited technical information on the find, but is working with the FBI and US security services.
"It's one of the most egregious things we have ever seen," said Sunbelt president Alex Eckelberry. "We know this kind of data is out there, but this is the first time we actually have the data that the criminals are using."