Update: Fix here. And information on the types of systems infected here.

In some recent research into a spyware exploit, our research team has discovered a massive identity theft ring.

We also found the keylogger transcript files that are being uploaded to the servers.

This is real spyware stuff — chat sessions, user names, passwords, bank information, etc. We have confirmed that this data is valid. Highly personal information, including even one fellow who has a penchant for pedophilia — all logged in detail and returned a webserver.

Note that there is a LOT of bank information in here, including one company bank account with over US$350,000 and another small company in California with over $11,000 readily accessible. This list goes on and on and on. Of course, there’s also eBay accounts and much more.

We have notified the FBI, but no response just yet. We have notified a few of the parties involved. (Update: It looks like they were working on the case when after we sent originally sent the data in, but we didn’t get any response from them at the time indicating they had received our data.)

If anyone has any other ideas, send ’em to us. Right now, we’re sitting upon literally thousands of pages of stolen identities that are being used right now.

Alex Eckelberry