Recently I introduced you to the concept of "sextortion" where a suggestive picture of a young — or not so young — person will come into the hands of a predator usually either though hacking or accidental posting, and the owner is blackmailed into sending ever more revealing pictures or other compromising actions.
Now there comes the disturbing news that a new computer virus has been discovered that, once installed on the victim's computer, will strip all photographs off the computer and surreptitiously send them to a prearranged email box.
Trend Micro reports uncovering what is being called the "Pixsteal-A Trojan" (or BDS/Wasew.A.), a strain of malware that when implanted on a computer opens a hidden command line that does not steal text files but rather copies .jpg, .jpeg (two common picture formats), and .dmp (memory dump) files from the infected machine and sends them onto a remote FTP server. It transmits the first 20,000 files it finds to the server.
"Information theft routines have been mostly limited to information that is in text form, thus this malware poses a whole new different risk for users," writes Raymart Paraiso, a Trend Micro threat response engineer. "Users typically rely on photos for storing information, both personal and work-related, so the risk of information leakage is very high. Collected photos can be used for identity theft, blackmail, or can even be used in future targeted attacks."
So here is yet another reason to be even more cautious of what you download onto your computer — the usual source of a malware infection, and be cautious of what photos you might keep on your computer — or that your kids might keep on theirs.
In unrelated news, a NEW CASE of identity theft has startled and worried the Pentagon.
The September paychecks of four members of the military at Fort Bragg, N.C., have been hijacked and electronically rerouted onto prepaid debit cards. The four paychecks were destined to be electronically deposited into the accounts of their rightful owners.
Investigators say that the perpetrator was able to sign into the victims' myPay accounts and reroute the upcoming paycheck from the victims' banks instead to Bancorp Bank, a large issuer of prepaid debit cards. Whoever did this had the victims' correct login and password.
The suspicion is the victims may have accessed their myPay accounts previously from a public computer that had been compromised by malware or a key-logging device. This, of course, is another example of why you and your kids have to be extra cautious when using a public computer.
The Department of Defense is investigating the Fort Bragg pay incidents. They are anxious to learn if these are isolated incidents or perhaps the first cases with more to follow. Their concern is obvious because almost all the 6.6 million monthly paychecks issued to military personnel are direct deposited into their bank accounts.