Black market pricelist: stolen card data from 50 cents, bank accounts $30

During the first half of 2007, Symantec found more than 8,000 distinct credit cards being advertised for exchange on web servers used by the underground economy, making up 22% of all goods advertised there.

The asking price for stolen card data is influenced by the quality of data offered. The inclusion of the security code found on the back of a card makes a card's value far higher to a fraudster.

Bank accounts were offered at prices ranging from $30 to $400. Email passwords were sold for anything from $1 to $350. Email addresses were priced by file-size: a one Megabyte (1MB) collection costs between $2 and $4, Symantec found.

Full identities were priced between $10 and $150 per person; and Social Security numbers were priced between $5 and $7.

The study also noted a sharp rise in the use of phishing toolkits. A toolkit includes a series of scripts that allow an attacker to automatically set up phishing web sites that spoof legitimate web sites. The top three most widely used phishing toolkits were responsible for 42% of all phishing attacks detected during the reporting period, said Symantec.

Arthur Wong, senior vice president of Symantec Security Response and Managed Services, said that the company has seen a significant shift in attackers' motivatation, from fame to fortune.

“The internet threats and malicious activity we are currently tracking demonstrate that hackers are taking this trend to the next level by making cybercrime their actual profession, and they are employing business-like practices to successfully accomplish this goal,” he said.