Hackers Steal WinPatrol Data Already Available
What was first thought to be a problem in last week’s Windows Update turned out to be a targeted hacker attack of WinPatrol data files.
The timing of the attack(Tuesday, Feb 26th at 17:44 PM EST)coincided with a new Windows Update. Many who experienced unusual behavior from WinPatrol had also just updated Java and/or Adobe Flash so they were also included in the list of usual suspects.
While the hackers may have been looking for user passwords, Email addresses or credit card numbers they were able to steal statistical data describing which programs remain popular or unpopular on Windows machines. The data is collected when a WinPatrol user decides to keep or remove a program which has been detected in a critical system location.
The following is an example of data collected by WinPatrol based on decisions made when a particular file, “Adobe PDF Helper” is added to the list of programs loaded with Internet Explorer. The first number represents requests by WinPatrol PLUS members asking “What the heck is this file?”. The 2nd indicates users clicking “Yes, I’ll keep this” when notified the file was added. The 3rd larger number represents how many times WinPatrol users rejected this file and did not want it loaded when they browsed the Internet. The remaining numbers result from an optional survey doesn’t appear to be a popular since it requires participation.
The goal of this statistical data is to help WinPatrol PLUS member make decisions on if they want to keep a program which in some cases may slow their system down. While this example is from an IE Helper or Brower Helper Object most data relates to programs which are set to always run after the computer starts.
This data is valuable as a whole but is just one feature available by upgrading to WinPatrol PLUS for only $29.95. While the hackers didn’t find any valuable payload, they did cause the software to crash any time a change occurred worth sharing. While BillP Studios worked long hours providing an immediate solution to those who reported problems we carefully evaluated each report to confirm a permanent solution would be found. Today a new version, WinPatrol 27.0.2013 is now available.
Like many small companies BillP Studios uses 3rd party companies like PayPal who specialize in eCommerce. Even when credit card numbers are included, BillP Studios securely deletes personal data after 30 days. We are required to save some information for the IRS and reports of foreign sales. These files do not include individual data and are stored on a system not connected to the network.
We were prepared for this kind of attack and except for individual software failures our preparation worked. At no time were any Email addresses, personal addresses or credit name numbers stolen or even at risk. It was still a wake up call and should be for anyone running a small business.
The new WinPatrol 27.0.2013 includes a few new features that were previously in the plans but I also trained Scotty to behave even more gracefully in case of failure. Future development will continue this trend so in the case of a crash no other programs will be affected.
For more information on the new WinPatrol go to
I’d especially like to thank everyone for their patience and to many who took the time to include screen shots and details with their Emails to support@WinPatrol.com. This information was critical in keeping me from being distracted by unlikely causes and helped me track down the root of this problem.