Comments on: Exploring the Market for Stolen Passwords

By: JCitizen

JCitizen — Wed, 02 Jan 2013 16:06:04 +0000

Just another good illustration why we should be using password managers with encryption. Of course that is only one rivet in the blended defense armor.

Thanks for the article Brian!

By: JCitizen

JCitizen — Wed, 02 Jan 2013 16:03:21 +0000

Sounds like you got too many AVs on your machine – besides the fact that they aren’t the best ones anyway.

By: JCitizen

JCitizen — Wed, 02 Jan 2013 16:00:49 +0000

I should think many such accounts ARE tied to credit cards. The number would be obfuscated, but if you are using it to purchase goods anyway, its all golden. However, many card companies are now holding up purchases that show a new shipping address. So this will become a problem for thieves trying this avenue.

By: RWS

RWS — Fri, 28 Dec 2012 18:30:31 +0000

Congratulations, and thanks for all your work in keeping us informed about security, Brian. I look forward to each article.

Regards,

By: TLKst21

TLKst21 — Thu, 27 Dec 2012 16:24:15 +0000

These botnets are making the rounds again. I got hit by a variant of Reveton (N5) last week (despite having AVG & McAfee) and it wiped me out. It was the FBI MoneyPack ransomware/scareware. It hijacked my computer and webcam, even though my firewall was set to disable my webcam. The scammers let me know they were watching me & demanded $300. It was very difficult to get rid of. Had to disable internet to access my desktop, do a system restore, and after days of running the hours-long “I have a virus” scans from MSFT security essentials, malware bytes & some anti-spyware from major geeks in regular & safe modes, think (hope) I finally got it all. Flipping nightmare! Hoping these criminals don’t have enough current info to steal from me. Bad enough that these jerks made me late turning in my term paper for my EMBA strategy course.

By: meh

meh — Wed, 26 Dec 2012 23:50:42 +0000

Actually, they don’t have any value. These are third world kiddies with nothing else of value to offer. It’s lamerville.

By: Godaigo

Godaigo — Wed, 26 Dec 2012 22:43:36 +0000

In many of the accounts you could then add a new credit card (also stolen) and then order products. Alternatively, as shown by the actions of Cosmo the God, you could use the information stored in the account to increase the effectiveness of social engineering attacks, etc.

By: george

george — Wed, 26 Dec 2012 21:58:55 +0000

For me, what I don’t understand is the column Price (live/die), with 2$ live and 0.01$ “die”. Does that mean that even inactive (cancelled) accounts have some (little) value for the underworld ?

By: AlphaCentauri

AlphaCentauri — Wed, 26 Dec 2012 17:43:59 +0000

What is the value of buying an account that is not tied to a credit card? Do they just use the identity information to create accounts, or try to use the username/PW combination at other sites? Or are these accounts that have not been checked for credit card information yet, like buying unshucked oysters hoping for pearls?

By: brothers in arms

brothers in arms — Wed, 26 Dec 2012 12:08:07 +0000

Money, money, money
Always sunny
In the rich man’s world
Aha-ahaaa
All the things I could do
If I had a little money
It’s a rich man’s world