After cleaning up an infected system and doing due diligence on the people involved, I was able to track the exploit down to a group of Mexican porn site operators who apparently also take the credit cards people give them to buy porn and sell them to others. Porn site operators aren't the most ethical bunch, but it serves as a helpful reminder. You need to trust the merchant of whatever product you buy to not, in turn, sell your credit card or other information. This is true regardless of it being an online merchant or some guy in a shop on the corner. But the point is that it got me thinking about how many accounts out there that have been stolen by spyware and how much money is impacted. I did a quick study which came up with $24 billion of US consumer money that could be levereged by someone who is not the consumer.
This is my own estimate and you can look at the methodology here. Essentially I took the infection rate of "system monitor" spyware infections (those that have keyloggers which grab banking account and credit card information), the percentage of people who bank and shop online, and the average balance on bank accounts and credit cards and came up with over $24 billion in assets and credit that can be levereged by "hostile entities" today. I believe this number is an underestimate. This does not include accounts stolen via phishing, online merchants who just take the information you give them, or other social engineering attacks.
This is a draft analysis (complete with typos, bad grammar, and probably broken HTML) and comments are welcome to bambenek -at- gmail.com.
Sep 30th 2005
1 decade ago