Thursday, December 18, 2008

Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones

We study an active underground economy that trades stolen digital credentials. We present a method with which it is possible to directly analyze the amount of data harvested through these types of attacks in a highly automated fashion. We exemplify this method by applying it to keylogger-based stealing of credentials via dropzones, anonymous collection points of illicitly collected data. Based on the collected data from more than 70 dropzones, we present the first empirical study of this phenomenon, giving many first-hand details about the attacks that were observed during a seven-month period between April and October 2008. This helps us better understand the nature and size of these quickly emerging underground marketplaces.

http://honeyblog.org/junkyard/reports/impersonation-attacks-TR.pdf

No comments:

Post a Comment