Inside a cyber-crook's Xmas wish list

Trojan flea market thrives online

homeless man with sign

Most people will be looking forward to receiving digital cameras, games and the like - as well as the inevitable pair of socks - this Christmas. But cybercrooks can take the opportunity to splash out, angling for things such as credit card numbers and their corresponding PINs, the trade in which is booming online.

Some items are more valuable than others, according to Raimund Genes, CTO of net security firm Trend Micro, which has compiled what it reckons an average cyber crook’s Christmas list might look like:

  • $1000 – $5000 (£500 – £2500): Customised Trojan program, which could be used to steal online account information
  • $500 (£250): Credit Card Number with PIN
  • $80-$300 (£40 - £150): Change of billing data, including account number, billing address, Social Security number, home address and birth date
  • $150 (£75): Driver‘s licence
  • $150 (£75): Birth certificate
  • $100 (£50): Social Security Card
  • $7 - $25 (£3 - £12): Credit card number with security code and expiration date.
  • $7 (£3): Paypal account log-on and password

Trend derived its data from prices on underground bulletin boards and online forums.

Genes said that malware threats are increasingly created for the purpose of financial gain, with attack techniques becoming more sophisticated. More common activities include trying to steal bank account or credit card numbers and passwords through phishing and keylogging malware. The information gathered can then be sold on the web. Internet Relay Chat (IRC) channels, for example, are a common "flea market" for stolen personal data. ®

Sponsored: Designing and building an open ITOA architecture