Did you know that you can buy a keystroke logger for $23 or pay $10 to have someone host your phishing scam? Having a botnet at your fingertips will cost you $225, and a tool that exploits a vulnerability on a banking site averages $740 and runs as high as $3,000.
That's according to the Symantec Report on the Internet Underground Economy due to be released Monday.
Symantec researchers spent a year observing the chat among cybercriminals on IRC channels and forums on the Internet between July 1, 2007 and June 30, 2008 and were able to piece together a veritable menu of malicious code, as well as dig up detailed information on the exchange of highly prized financial information.
Credit card numbers were the most popular item on sale and made up 31% of all the goods on offer. Coming in second were bank details which made up 20% of the items being offered on criminal chat channels.
The $5.3 billion figure was reached by multiplying the average amount of fraud perpetrated on a stolen card, $350, by the many millions Symantec observed being offered for sale. Similarly, the report said, if hi-tech thieves plundered all the bank accounts offered for sale they could net up to $1.7bn.
Symantec researchers spent a year observing the chat among cybercriminals on IRC channels and forums on the Internet between July 1, 2007 and June 30, 2008 and were able to piece together a veritable menu of malicious code, as well as dig up detailed information on the exchange of highly prized financial information.
Credit card numbers were the most popular item on sale and made up 31% of all the goods on offer. Coming in second were bank details which made up 20% of the items being offered on criminal chat channels.
The $5.3 billion figure was reached by multiplying the average amount of fraud perpetrated on a stolen card, $350, by the many millions Symantec observed being offered for sale. Similarly, the report said, if hi-tech thieves plundered all the bank accounts offered for sale they could net up to $1.7bn.
MOST POPULAR ITEMS
1) Credit card information - 31%
2) Financial accounts - 20%
3) Spam and phishing information - 19%
4) Withdrawal service - 7%
5) Identity theft information - 7%
6) Server accounts - 5%
7) Compromised computers - 4%
8) Website accounts - 3%
9) Malicious applications - 2%
10) Retail accounts - 1%
Credit card numbers have proved so popular among hi-tech thieves because they are easy to obtain and use for fraudulent purposes. Many of the methods favored by cyber criminals, such as phishing schemes, database attacks and magnetic strip skimmers, are designed to steal credit card information, it said.
The existence of a ready market for any stolen data and the growing use of credit cards also helped maintain their popularity, it said. "High frequency use and the range of available methods for capturing credit card data would generate more opportunities for theft and compromise and, thus, lead to an increased supply on underground economy servers," said the report.
The price card thieves can expect for the numbers they offer for sale also varied by the country of origin. US card numbers were the cheapest because they were so ubiquitous - 74% of all cards offered for sale were from the US.
By contrast numbers from cards issued in Europe and the Middle East commanded a premium because they were relatively rare.