BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

fringe: Identity Theft Malware Surges 600%

From: security curmudgeon <jericho () attrition org>
Date: Thu, 20 Aug 2009 09:35:27 +0000 (UTC)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=219400767

By Thomas Claburn
InformationWeek
August 19, 2009 07:02 PM

The indictment of Albert Gonzales of Miami, Fla., for allegedly hacking 
into corporate computers and stealing more than 130 million credit and 
debit cards may not have much impact on the identity theft underground.

In the first half of 2009, the number of computer users affected by 
malware engineered to steal personal information has risen by 600% 
compared to the January through June period in 2008, according to 
PandaLabs, part of computer security company Panda Security. In 
quantitative terms, Panda reports identifying 391,406 computers infected 
with identity-theft malware in the first six months of the year.

Luis Corrons, technical director of PandaLabs, speculates that the global 
economic downturn and the thriving black market for credit and debit card 
numbers and online account information is driving the creation of so much 
identity stealing malware. He also notes that the distribution of 
identity-theft malware through social networks and services like Facebook 
and Twitter is on the rise.

Panda reports receiving more than 35,000 new malware samples -- viruses, 
worms, Trojans and the like -- every day. Trojan software designed to 
steal bank details, credit/debit card numbers, or online account login 
names and passwords represents 71% of this total. That's up from 51% in 
2007.

Identity thieves are also seeking sensitive information through a more 
diverse set of targets. Where previously financial data thieves focused on 
spoofing online bank sites to dupe users into entering login information, 
they have recently been targeting a variety of services where payment 
account information may be stored or entered, like PayPal, Amazon, eBay, 
or charity sites.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
Previous By Date Next
Previous By Thread Next

Current thread: