Cyber criminals seek 'full' sets of credentials that trade for only a few pounds
Malicious software kits are available for under £2,000 on the internet, while online bank logins trade for just £32.
A report by RSA revealed that Zeus Trojan kits are now on sale for £1,944 in some cases. Basic kits for the SpyEye Trojan, which the RSA FraudAction Intelligence Team called ‘2010's biggest Trojan innovation’ and ‘the only commercially available banking Trojan able to challenge Zeus' market-share’, are available for under £700. A Firefox injection tool is available for anywhere between $1,000 and $2,000 (£648-£1,298).
RSA's online fraud report for August said: “If you were to take a glimpse into the fraud black market, you would see that not only do cyber criminals trade stolen data, but they also offer a multitude of tools and services for sale that enable others to harvest this information and/or monetise it.
“Examples of some criminal ‘product’ offerings would include fraudster call centre services that ‘outsource’ fraudulent phone calls made to banks or merchants; information services that provide a rich set of personal and financial data on potential victims; phishing kits that target different banks; Trojan infection kits; and credit card checking services, just to name a few.”
It also reported on how seasoned fraudsters are opting for the purchase of ‘Fulls’, which comprise the genuine cardholder's information including online banking account (via username and password combination), billing address, credit card number, CVV2 code, expiration date, mother's maiden name, date of birth and Social Security Number.
The report said: “Using the data, the cyber criminal can modify the card's billing address with the help of a fraudulent call to the call centre, buying credibility to a random address. He can then purchase big ticket items online, having them shipped to that same item drop mule, then directly into his hands for cash resale in his own local grey market.”
Typically 50 sets of freshly compromised ‘Fulls’ credentials trade for £324 on average, while 30 fraudulent phone calls to online merchants, banks and money transfer services can cost £194.