Study recovers over 10,000 stolen bank details
By Asavin Wattanajantra
Researchers recovered over 10,700 stolen online bank account credentials and 149,000 stolen emails during a seven-month study on the ‘underground economy’.
The study by the University of Mannheim also finished with researchers harvesting 33GB of keylogger data, resulting in information about stolen credentials from more than 173,000 compromised machines.
Researchers managed to collect this data from ‘dropzones’: publicly writable directories on web servers that act as exchange points for keylogger data.
Malware running on compromised machines would send all credentials to the dropzone, where an attacker could pick them up and use them.
Researchers Thorsten Holz, Markus Engelberth and Felix Freiling said that the data was worth potentially millions of dollars on the underground market, and that cybercrime was profitable enough to earn attackers hundreds of pounds per day.
They said in the report: “The result of this study is that internet-based crime is now largely profit driven and that the nature of this activity has expanded and evolved. Digital and classical crime are merging.”
The two keyloggers the researchers analysed were Limbo and Zeus, with the researchers observing some 164,000 infections stemming from the former.
Stolen data included that from banking websites and credit cards, as well as social networks, email passwords and online trading platforms. Statistics showed that 12 per cent of the data was traced back to the UK.
However, the analysis method used in the report was not restricted to keylogger-based attacks.
The researchers said: “It can be applied to all attacks in which an attacker steals authentication credentials of a victim after some form of contact. We call these types of attacks impersonation attacks.
“This class covers a range of real-world attacks including many different forms of phishing, certain forms of sending spam, or online fraud based on identity theft.”
The study is available here.