|
Take, for instance, the data being collected by San Diego-based Secure Science Corp., a company that offers stolen-data retrieval services for financial institutions. Most of the criminal groups the company monitors filch data by spamming out e-mails with links to Web sites that use a variety of known Internet Explorer and Windows weaknesses to install malicious code. Once installed, that malware steals stored user names and passwords and records what the victim types when he or she visits targeted financial sites. Secure Science can intercept that data by finding the location of "dead drops" -- e-mail inboxes or Web site databases set up by the attackers to receive information stolen from infected machines. Ever since the third week in March, when the latest IE exploit surfaced, Secure Science has watched that same phishing group's daily catch increase exponentially. Lance James, the company's chief scientist, said the group's dead drops are now choking on 80 to 115 megabytes of stolen data each day. James looked through the company's database for the particulars of this group's haul from March 31, when the drop box received 108 megabytes worth of data stolen from infected machines. On that day alone, the phishers gleaned personal and financial information on 13,677 accounts, including 3,536 credit card account numbers, 255 Paypal accounts, 1,038 eBay accounts; 93 user names and passwords for Bank of America online accounts; and login credentials for some 2,609 Hotmail e-mail accounts.
excerpt from Washington Post.
|
