The Register® — Biting the hand that feeds IT

Inside a cyber-crook's Xmas wish list

Trojan flea market thrives online

By John LeydenGet more from this author

Posted in Malware, 12th December 2006 18:36 GMT

Free whitepaper – PowerEdge M610-M710 spec sheet

Most people will be looking forward to receiving digital cameras, games and the like - as well as the inevitable pair of socks - this Christmas. But cybercrooks can take the opportunity to splash out, angling for things such as credit card numbers and their corresponding PINs, the trade in which is booming online.

Some items are more valuable than others, according to Raimund Genes, CTO of net security firm Trend Micro, which has compiled what it reckons an average cyber crook’s Christmas list might look like:

  • $1000 – $5000 (£500 – £2500): Customised Trojan program, which could be used to steal online account information
  • $500 (£250): Credit Card Number with PIN
  • $80-$300 (£40 - £150): Change of billing data, including account number, billing address, Social Security number, home address and birth date
  • $150 (£75): Driver‘s licence
  • $150 (£75): Birth certificate
  • $100 (£50): Social Security Card
  • $7 - $25 (£3 - £12): Credit card number with security code and expiration date.
  • $7 (£3): Paypal account log-on and password

Trend derived its data from prices on underground bulletin boards and online forums.

Genes said that malware threats are increasingly created for the purpose of financial gain, with attack techniques becoming more sophisticated. More common activities include trying to steal bank account or credit card numbers and passwords through phishing and keylogging malware. The information gathered can then be sold on the web. Internet Relay Chat (IRC) channels, for example, are a common "flea market" for stolen personal data. ®

Free whitepaper – Dell PowerEdge servers product guide

Webcast: Jumpstart your Application Security initiatives