Once malicious code is running on a user's machine, it can directly steal confidential data stored on the computer (data theft). Such data can include passwords, activation keys to software, sensitive correspondence, and any other information that is stored on a victim's computer. Some confidential data, such as passwords stored in browser and email clients, is accessible in standard locations. By automatically filtering data looking for information that fits patterns such as a social security number, a great deal of other sensitive information can also be obtained.
Data theft is also commonly performed by crimeware engaged in corporate espionage (or possibly governmental) espionage. High-value machines can be targeted, but some such espionage can also be based on large-scale attacks, because personal computers often contain the same confidential information that is also stored on better-protected enterprise computers. In addition to espionage for hire, confidential memos or design documents can be publicly leaked, causing economic damage or embarrassment.
- "Overview" section: The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond, at 12-13.