According to a weekly threat report presented by VeriSign’s iDefense Intelligence Operations Team, someone is trying to unload over 1.5 million compromised Facebook accounts.
An excerpt from the report reads:
- “On Feb. 10, 2010, (cybercriminal) stated that he or she is selling 1.5 million compromised Facebook accounts, in bulk quantities, belonging to users in various countries. The price per 1,000 accounts varies based upon the number of friends and contacts that each account possesses. For a purchase of compromised accounts containing 10 contacts or fewer, a buyer must pay $25 per 1,000 accounts. A purchase of compromised accounts containing 10 or more contacts requires a buyer to pay $45 per 1,000 accounts. Accounts containing zero contacts are also available for bulk purchasing from (cybercriminal), at the cost of $15 per 1,000 accounts. The prices of these accounts are presumably in USD or the equivalent amount in some form of electronic currency.”
Since the ad states that these some are accounts with contacts (compromised) and other have zero contacts,(automatically generated by outsourced CAPTCHA-solving processes) we can assume that the ‘seller’ several sources. Another recent underground ad offered
- 1 million solved reCAPTCHAs for $800 through outsourcing
It’s becoming common practice for these cybercriminals to buy and sell crimeware data, and the data mining projects often seen on freelance sites should be viewed with caution. You never know if the data may be utilized as part of some sort of phishing campaign, and the purchaser is collecting raw data for illagal uses or to drive illicit programs.
Recent projects posted on freelance website Elance.com included the following:
- Request for an illustration for software that steals passwords from people with whom the buyer is chatting online
- Request for sales copy for keylogging software that can be remotely activated on other computers.
These fraudsters depend on a network for propagation of fraudulent/malicious schemes and campaigns. It’s not just social sites that pose risks, says creditcards.com:
” Visa released a report in September 2006 showing that four of the top five causes of credit card-related breaches were digital security limitations at merchants of all sizes. These weaknesses included misconfigured Web servers, missing or outdated software security patches and the use of vendor-provided default passwords and settings — all of which represent violations of new credit card industry standards.”
Best practice is to ensure that your website and your visitors are protected at all times from malicious attempts.
Tags: Facebook, security breach, web security