NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0479 Fierce Competition Among Identity Thieves Drives Down Prices:
Fierce competition among identity thieves has driven down the prices for stolen data and forced
crooks to adopt mainstream business tactics to lure customers, according to a new report cited in
an online press article. Credit card numbers were selling for as little as 40 cents each and access
to a bank account was going for $10 in the second half of 2007, according to the latest twice-yearly
Internet Security Threat Report from Symantec. This data is usually sold through Instant-message
groups or web forums that exist for only a few days or even hours, according to Symantec.
Researchers found evidence that internet fraudsters are hiring teams of hackers to create new viruses
and offering volume discounts on stolen data to encourage larger orders. In some cases, stolen credit
card numbers were sold in batches of 500 for a total of $200. Full identities - including a functioning
credit card cnumber, social security number or equivalent and a person's name, address, and date of
birth - are going for as little as $100 for 50, or $2 apiece. Stolen identities of European citizens
sell on the high end - for $30 - an average of 50% more than for US identities.
Symantec's report also discussed the firm's detection of 711,912 new malicious code threats last year,
according to the article. This total was 468% more than in 2006, when it found 125,243 - and accounts
for almost two-thirds of all of the 1,122,311 threats Symantec has cataloged since 2002.
According to the report, web site-specific vulnerabilities were found to be popular with hackers because
few of them are fixed quickly. Of 11,253 cross-site scripting vulnerabilities found on specific sites
during the second half of 2007, only 473 were patched.
Symantec based its findings on malicious code gathered from more than 120 million computers running Symantec
antivirus software and some 2 million decoy email accounts that collect spam.
(apnews.myway.com 08APR08)