Brian Krebs post on a recent study which analyzed illegal dropzones containing stolen personal information highlights the growing risk of identify theft directly from your personal computer, notably using keylogging software.  Researchers at University of Mannheim, Germany published “Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones” which studies “an active underground economy that trades stolen digital credentials” (overview at honeyblog.org).  Here are a few of the disturbing statistics:

• Of the 300 dropzones identified, they could only analyze 70.   The statistics below are actually much higher
• Between April 2008 – October 2008, 33GB of data analyzed
• Over 170,000 victims
• More than 10,700 online bank account credentials
• 149,000 stolen e-mail credentials
• 5,682 credit card numbers
• 5,712 sets of eBay credentials

Again, this is only a small fraction of the data stolen over a few months by just two keylogger programs.  Victim’s computers are most often infected by clicking on links in malicious emails, opening compromised email attachments or otherwise infected by malicious websites they visit.