Ok, we have the latest on this identity theft ring. And it’s pretty interesting.
that all we found was the cache of data from the thieves — we didn’t have the actual keylogger that was responsible for it. We had a keylogger we had found that was similar and provided us some clues, but not this specific one that was reporting all this data back.
So we had to find the keylogger. That entailed trying to actually get a hold of a machine.
Last night, we finally got an infected machine and were able to figure out what’s going on.
Go over to Sunbelt's Blog and see the list of attributes for this keylogger. It's pretty nasty.