If you haven’t been keeping up with what’s going on in the online criminal market for your credentials and information, you really need to read a new column by Brian Krebs. As Brian reports, the days of compromised PCs just being used for spam runs or denial of service attacks is in the past. Now the information on your PC – including your email, banking, and store login credentials are being harvested and monetized:
Some of the most valuable data extracted from hacked PCs is bank login information. But non-financial logins also have value, particularly for shady online shops that collect and resell this information.
Logins for everything from Amazon.com to Walmart.com often are resold — either in bulk, or separately by retailer name — on underground crime forums. A miscreant who operates a Citadel botnet of respectable size (a few thousand bots, e.g.) can expect to quickly accumulate huge volumes of “logs,” records of user credentials and browsing history from victim PCs. Without even looking that hard, I found several individuals on Underweb forums selling bulk access to their botnet logs; for example, one Andromeda bot user was selling access to 6 gigabytes of bot logs for a flat rate of $150.
Read more on KrebsonSecurity.com.