Cyber criminals become more and more creative when it comes to the uses of data stolen from infected computers. At first it was only click fraud, denial-of service attacks or spam but now such information as passwords associated email credentials tied to a variety of online retailers become of a great demand.
Botnets like Citadel and ZeuSandSpyEye enable to gather enormous amount of data needed. Botnet malware is capable of extracting any password stored in the infected PC’s browser. It will also intercept and record any information submitted in web forms, for example, credit card number, address or any other details when making an online retail purchase.
Without competition bank login information is the most valuable data collected. Yet non-financial logins have their use as well, especially when we talk of shady online shops that collect and resell this information.
Logins of any sort are often resold on underground crime forums. The prices are very different. For example, one Andromeda botnet user announced a price for 6 gigabytes of bot logs costing 150 USD. One can purchase stolen credentials for an entire shopping mall of online retail establishments, such as overstock.com, dell.com, walmart.com and only 2 USD each. Fedex.com and ups.com accounts’ credentials are more expensive – 5 USD each.
If you need more logins, you can choose from sephora.com, skype.com, target.com, toysrus.com, amazon.com, apple.com, autotrader.co.uk, bestbuy.com, bloomgingdales.com, bol.com, cdw.com, drugstore.com, ebay.co.uk, ebay.com, , macys.com, mylikes.com,newegg.com, next.co.uk.com, okpay.com, paypal.com, payza.com, runescape.com, , ukash.com, verizon.com, walmart.com, xoom.com and zappos.com, facebook.com, gamestop.com, gumtree.com, kohls.com, logmein.com, lowes.com. Again you will have to pay only 2 USD for each. Accounts having credit card or bank account information will be labeled as having a higher price.
This is only one example how data stolen from an infected computer can be turned into money. You never know, maybe your login and password is being sold at some underground market right at this moment. Do not forget to change them regularly as this is one of the tips for protecting your personal information.