
Study of Cybercrime and Underground Economy

A new study from Symantec (pdf) tries to get a picture of the underground economy for cybercrime by monitoring publicly available sites and channels. This type of survey provides insight into the exposed side of cybercrime, but as the report writers note, it is not meant to be a survey of Internet crime in general.


One finding focuses on speculation about large, organized cybercrime syndicates, which is not clearly supported by the data; there is more to indicate a loose confederation of actors with agreed-upon methods for exchanging goods and services (think of the NYSE or the Chicago Mercantile Exchange):

There has been much speculation and debate as to the level of organization and professionalism of these groups, mainly because of the nature of the forums, which exist primarily to provide a means for participants to collaborate with each other, offer their skills, and buy and sell fraudulent and stolen goods and services. Thus, these forums could be more aptly defined as a loose collection of individuals with a common purpose rather than as highly organized and cohesive groups. Nonetheless, Symantec research indicates that there is a certain amount of collaboration and organization occurring on these forums, especially at the administrative level. Moreover, considerable evidence exists that organized crime is involved in many cases.

The top sellers among those monitored are credit cards, financial accounts, spam and phishing information, withdrawal service, and identity theft information. Together these account for 84% of sales; the total value of advertised goods was $276 million for one year.

Malicious tools are also sold:

  • The highest priced attack tool, on average, during this reporting period was botnets, which sold for an average of $225.
  • Phishing scam hosting services were offered for an average price of $10 with prices ranging from $2 to $80.
  • The average price of a keystroke logger advertised on the underground economy was $23.
  • The highest ranked exploit during this reporting period was site-specific vulnerabilities in financial sites, which were advertised for an average price of $740, with prices ranging from $100 to $2,999.

The full report is here.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net