By Thomas Claburn
August 19, 2009 07:02 PM
The indictment of Albert Gonzales of Miami, Fla., for allegedly hacking
into corporate computers and stealing more than 130 million credit and
debit cards may not have much impact on the identity theft underground.
In the first half of 2009, the number of computer users affected by
malware engineered to steal personal information has risen by 600%
compared to the January through June period in 2008, according to
PandaLabs, part of computer security company Panda Security. In
quantitative terms, Panda reports identifying 391,406 computers infected
with identity-theft malware in the first six months of the year.
Luis Corrons, technical director of PandaLabs, speculates that the
global economic downturn and the thriving black market for credit and
debit card numbers and online account information is driving the
creation of so much identity stealing malware. He also notes that the
distribution of identity-theft malware through social networks and
services like Facebook and Twitter is on the rise.
Panda reports receiving more than 35,000 new malware samples -- viruses,
worms, Trojans and the like -- every day. Trojan software designed to
steal bank details, credit/debit card numbers, or online account login
names and passwords represents 71% of this total. That's up from 51% in
Identity thieves are also seeking sensitive information through a more
diverse set of targets. Where previously financial data thieves focused
on spoofing online bank sites to dupe users into entering login
information, they have recently been targeting a variety of services
where payment account information may be stored or entered, like PayPal,
Amazon, eBay, or charity sites.
Subscribe to InfoSec News