Study recovers over 10,000 stolen bank details

A seven-month study on malware and criminal keylogging malware allows researchers to get hold of data worth millions.

Researchers recovered over 10,700 stolen online bank account credentials and 149,000 stolen emails during a seven-month study on the underground economy'.

The study by the University of Mannheim also finished with researchers harvesting 33GB of keylogger data, resulting in information about stolen credentials from more than 173,000 compromised machines.

Researchers managed to collect this data from dropzones', a public writable directory on a server residing on the web acting as an exchange point for keylogger data.

Malware running on compromised machines would send all credentials to the dropzone, where an attacker could pick them up and use them.

Researchers Thorsten Holz, Markus Engelberth and Felix Freiling said that the data was worth potentially millions of dollars on the underground market, and that cybercrime was profitable enough to earn attackers hundreds of pounds per day.

They said in the report: "The result of this study is that internet-based crime is now largely profit driven and that the nature of this activity has expanded and evolved. Digital and classical crime are merging."

The two keyloggers the researchers analysed were Limbo and Zeus with the researchers observing some 164,000 infections stemming from the former.

Stolen data included that from banking websites and credit cards, as well as social networks, email passwords and online trading platforms. Statistics showed that 12 per cent of the data was traced back to the UK.

However, the analysis method used in the report was not restricted to keylogger-based attacks.

The researchers said: "It can be applied to all attacks in which an attacker steals authentication credentials of a victim after some form of contact. We call these types of attacks impersonation attacks.

"This class covers a range of real-world attacks including many different forms of phishing, certain forms of sending spam, or online fraud based on identity theft."

The study is available here.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020
Ransomwiz lets you test your security with simulated ransomware
ransomware

Ransomwiz lets you test your security with simulated ransomware

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Windows Server flaw sparks emergency US gov warning
vulnerability

Windows Server flaw sparks emergency US gov warning

21 Sep 2020