The authors of Phishme ran some malware they received in a spam message. They ran it on a virtual machine, so as not to infect any other machines. This is what they found. It ran a keylogger, took screenshots, and downloaded all the passwords on the browser; then it was emailed to the attacker The author was able to find out the attackers email credentials. It makes me smile watching this type of thing in action. This type of malware, however, is written very likely by a script kiddie, and is not a professional. Sadly, a professional would not be so careless and would not make these kinds of mistakes.
Here are my originating articles: