Data theft trojans have been continuing their upward trajectory, currently the most predominant malware binaries blocked by ScanSafe. I'm often asked what the attackers do with the data they steal. There's no single answer - what happens to the stolen data is solely dependent on the imagination and intent of the attackers. In some cases, the attacker may try to peddle the stolen data to the victim's competitors - and if that fails, offer it up for sale to the highest bidder.

T-Mobile may be the latest victim of that. On Sunday, attackers advertised the following on the Full Disclosure mailing list:

Hello world,

The U.S. T-Mobile network predominately uses the GSM/GPRS/EDGE 1900 MHz frequency-band, making it the largest 1900 MHz network in the United States. Service is
available in 98 of the 100 largest markets and 268 million potential customers.

Like Checkpoint Tmobile has been owned for some time. We have everything, their databases, confidental documents, scripts and programs from their servers,
financial documents up to 2009.

We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are
offering them for the highest bidder.

Please only serious offers, don't waste our time.

The remainder of the email consists of source documentation of the alleged stolen data and can be viewed in its entirety via the Full Disclosure archive.