Ask HN: What do hackers do with stolen passwords?
2 points by JessB 5750 days ago
So you get your passwords stolen with a keylogger or some other malware. What does a hacker do with stolen passwords? What's the end game? Where is the financial motive for the hacker?
3 comments

There is a good chance that the person whose password is stolen uses that password on other sites. I guarantee you that if you steal enough usernames and passwords, you'll find a lot of people who use the same credentials for their email, bank, PayPal, etc. Actually, they just need your email, and from there they can reset your other passwords and click the confirm link once it goes to your email.

The financial incentives can vary...they can make fraudulent purchases, transfer money, steal domain names, hack sites, you name it.

EDIT: For a real-life example, when I worked at Internet Brands (makers of vBulletin), a hacker managed to obtain administrator passwords on sites we owned running vBulletin. He then used that administrator's account to install a plugin that gave him access to the whole user database. He then used that database to log into other sites we owned (it is possible to google a vBulletin username to see what other sites they are members of). Once he had admin access on a dozen or so sites, he added dupedb.com links to all of them.

So the end game would be to transfer money out of bank accounts and PayPal? Is it really that easy to do? Seems like it would leave one hell of a trail.

What's the end game in stealing domain names and hacking sites? There has got to be a financial motivator somewhere in the chain.

Thanks for the info.

What's the end game in stealing domain names and hacking sites? There has got to be a financial motivator somewhere in the chain.

In the case of the vBulletin hacks, the dozen or so sites hacked were all PR4 and above. I guess the idea there is that Google crawls these sites regularly, and it would find hundreds of inlinks to the hacker's site, giving him a boost in the rankings.

As far as PayPal and banks go, you're right, it would leave quite a trail if the hacker started sending money to his accounts from yours. Instead, the hacker might log into your PayPal account to get additional info, such as the billing address for each of your credit cards (easy to find under Profile>Credit Cards). He can log into your bank website to find the full credit card number or account numbers and routing numbers along with the billing address, and a nice history of purchases. It would be easy to disguise a fraudulent purchase by making it the same amount as a purchase you regularly make.

Keyloggers (often malware, so not intentionally put there by some hacker) download the passwords for your FTP sites, and alter some of the pages on the websites you have FTP data from. They will use your websites to send spam.
Why do they send spam from other websites? What is the benefit to sending spam from a hacked site as opposed to one you just register yourself?
Every time someone clicks "report spam" in their email program, it gets logged, and with enough flags, an IP gets banned. Sometimes the lifetime of a spam server is just an hour or two (not worth registering). This is why so many Amazon EC2 IPs are banned. They are so easy to spin up and spam, then terminate.

The spammers can use "clean" websites as relays to send spam, and move on to a new one, leaving the site owner to deal with the consequences. Likewise, they can send out spam using hacked individual accounts. The advantage here is that people are more likely to open an email from someone on their contact list, and these emails are often whitelisted.

Real hackers don't steal passwords to begin with. There is no end game.