[In response to this article on ThreatPost, the following was posted to Pastebin pointing out Kaspersky's counterhacking of the Dorifel malware owners. Keep in mind that ThreatPost is run by Kaspersky.]
Amazing how the pot calls the kettle black. "David Jacoby a malware researcher at Kaspersky Lab, traced the malware back to the hosting servers, and found that not only was Dorifel being hosted on there, there also were several other pieces of malware being hosted on those boxes, along with a lot of stolen information."
Interesting statement, in particular the comment: "there were other... along with a lot of stolen information." I wonder if Mr. Jacoby would elaborate on how he managed to access and view this "stolen data." To do so would mean Mr. Jacoby would either have access to the server or illegally access the server in order to view what was there.
Imagine the following: A group penetrates, say, Google, and uses a server to store and serve malware. Along comes a "researcher" and determines that there is a lot of malware and "stolen financial data" on said server. Because most organized crime groups take meticulous precautions in storing stolen financial content, it is HIGHLY UNLIKELY that the "stolen financial" data was publicly visible. To the crime organization it would defeat the purpose; anything they were stealing, they'd be giving away. Question of the day: "Did Kaspersky admit to counterhacking malware servers?" I would think so.