Most people will be looking forward to receiving digital cameras, games and the like - as well as the inevitable pair of socks - this Christmas. But cybercrooks can take the opportunity to splash out, angling for things such as credit card numbers and their corresponding PINs, the trade in which is booming online.

Some items are more valuable than others, according to Raimund Genes, CTO of net security firm Trend Micro, which has compiled what it reckons an average cyber crook’s Christmas list might look like:

• $1000 – $5000 (£500 – £2500): Customised Trojan program, which could be used to steal online account information
• $500 (£250): Credit Card Number with PIN
• $80-$300 (£40 - £150): Change of billing data, including account number, billing address, Social Security number, home address and birth date
• $150 (£75): Driver‘s licence
• $150 (£75): Birth certificate
• $100 (£50): Social Security Card
• $7 - $25 (£3 - £12): Credit card number with security code and expiration date.
• $7 (£3): Paypal account log-on and password

Trend derived its data from prices on underground bulletin boards and online forums.

Genes said that malware threats are increasingly created for the purpose of financial gain, with attack techniques becoming more sophisticated. More common activities include trying to steal bank account or credit card numbers and passwords through phishing and keylogging malware. The information gathered can then be sold on the web. Internet Relay Chat (IRC) channels, for example, are a common "flea market" for stolen personal data. ®

Related stories

VXers slap copyright notices on malware (28 April 2008)
http://www.theregister.co.uk/2008/04/28/malware_copyright_notice/
Trojan phishing attack claims multiple victims (23 February 2007)
http://www.theregister.co.uk/2007/02/23/trojan_phishing_attack/
AOL phishing fraudster found guilty (17 January 2007)
http://www.theregister.co.uk/2007/01/17/aol_phishing_fraudster/
Trojans fuel ID theft boom (16 January 2007)
http://www.theregister.co.uk/2007/01/16/mcafee_id_theft_trends/
Happy New Malware (2 January 2007)
http://www.theregister.co.uk/2007/01/02/new_year_malware/
Xmas malware frenzy (27 December 2006)
http://www.theregister.co.uk/2006/12/27/xmas_malware/
Lost laptops, zero-day vulns and RFID chips (22 December 2006)
http://www.theregister.co.uk/2006/12/22/security_review_2006/
Blogging to slide - PC TCOs too? (15 December 2006)
http://www.theregister.co.uk/2006/12/15/blogs_zenith_in_2007/
Irish consumers wising up to phishing scams (15 December 2006)
http://www.theregister.co.uk/2006/12/15/irish_consumers_wise_up_to_phishing/
Government asked to investigate Christmas music torture (14 December 2006)
http://www.theregister.co.uk/2006/12/14/christmas_music_torture/
Malware wars: Are hackers on top? (5 December 2006)
http://www.theregister.co.uk/2006/12/05/malware_trends/
Four cuffed over webcam Trojan scam (16 November 2006)
http://www.theregister.co.uk/2006/11/16/webcam_trojan_scam/
Prison terms for phishing fraudsters (14 November 2006)
http://www.theregister.co.uk/2006/11/14/fraud_act_outlaws_phishing/
eBay redirection ruse reloaded (13 November 2006)
http://www.theregister.co.uk/2006/11/13/ebay_redirection_ruse/
T'is the season to be ripped off... (13 November 2006)
http://www.theregister.co.uk/2006/11/13/xmas_safe_shopping/
ID thieves pumped then dumped on brokerage houses (26 October 2006)
http://www.theregister.co.uk/2006/10/26/id_thieves_brokerage_scam/
Viruses, phishing, and trojans for profit (26 October 2006)
http://www.theregister.co.uk/2006/10/26/viruses_for_profit/
Brits bin their identity as ID thieves prosper (16 October 2006)
http://www.theregister.co.uk/2006/10/16/id_fraud_prevention_week/