(malware) still think you know how to secure Windows?

http://voices.washingtonpost.com/securityfix/2007/03/tracking_the_password_thieves_1.html

Tracking the Password Thieves is an article by Washington Post columnist Brian Krebs

The victims ranged from Myspace-browsing youngsters to credentialed "security experts" who claimed to be doing everything they should to keep a Windows PC healthy and virus-free.

What's worse are these two:

Further analysis of the data showed that it contained a large batch of medical patient information, including date of birth, SSNs, credit card numbers, and so on. The data was stolen from the computer of Biram Chapman, founder of Vidalia, Ga.-based Chapman Healthcare Services. The company had Symantec's Norton Anti-virus software installed, but the virus that infected his machine disabled the program's ability to download updates.

My analysis also turned up login information for Accurint.com, a consumer database company used by many police departments and investigators to track down individuals. Imagine the damage an identity thief could do from looking up the Social Security numbers and other sensitive data on as many Americans as he wants. Fortunately, I was able to get in touch with the gentleman who owned the Accurint credentials, an investigator with an Alabama district attorney's office, who changed his password before the thieves had a chance to use the account.

And this:

Some of the victims I spoke with acknowledged they were slacking in some measure needed to keep their Windows computer safe online, but others insisted their machines got infected even though they were doing all the things experts recommend, such as using a firewall and up-to-date anti-virus software, and applying security updates from Microsoft when they are released.

And finally, here's a sampler of the types of people whose machines have been compromised (all are quotes from the article, but you really need to read the whole thing to understand how deep this goes and how it works):

- an engineer for the Architect of the Capitol
- someone who works in computer security for IBM
- someone fresh out of college who'd just earned a degree in information security (!)
- a man in the D.C. area who works for the Federal Energy Regulatory Commission, which is part of the Department of Energy
- a woman working in the new accounts department at Bank of America (this wasn't her home computer; this was her PC at work.)
- two [at] biotech giant Amgen
- two [at] pharmaceutical maker Merck
- another [at] the Massachusetts District Attorneys Association

Want to start using Linux? Call me -- I'll help you any way I can! Free, no strings attached, of course, in the spirit of evangelism. It's a lot easier if you're in my city but even otherwise we can work things out somehow.