Symantec estimates that the potential value of advertised stolen goods online is more than $276 million, 59% of which was credit card information. The security software company ’s Report on the Underground Economy, the result of data gathered from underground IRCs and forums from July 1, 2007, and June 30, 2008, analyzed a segment of the online black market and extrapolated from its findings some surprising figures. Stolen credit card numbers sell for as little as a dime or a quarter online, and the average credit limit on a stolen card is $4,000. Symantec believes that the total worth of all stolen credit numbers during the survey time was $5.3 billion. Stolen bank account information sells for between $10 and $1,000; the average stolen bank account balance is $40,000, and Symantec believes the total in stolen bank accounts for the monitoring period was $1.7 billion.
All in all, Symantec found 44,752 unique instances of sensitive information for sale. The highest earning organization that Symantec saw made $4.3 million in stolen credit card purchases over two years.
In the malware market, botnets sold for an average of $225, site-specific exploits financial sites for an average of $740, keystroke loggers for $23, and phishing kits for an average of $10.
Desktop video games were the most pirated software (49%), followed by utilities (16%), and multimedia productivity applications (11%). Symantec estimates that the total value of uploaded software it saw on one P2P network was $83.4 million.
45% of the servers that host fraudulent activity are in North America, 38% in Europe, Africa, and the Middle East, 12 % in Asia and the Pacific, and 5% in Latin America. There were 90,000 users on the largest IRC.