Stolen Social Network User-credentials made Available at $30 Each
Cyber-criminals are bragging about possessing 80GB of account credentials, which they've posted for sale at wholesale costs alternatively for $30 per log-in after segregating the same country-wise and network-wise in groups having the respective personal e-mail ids, reported computing.co.uk dated February 8, 2012.
Specifically, according to Trusteer a security company, there are ads presenting the sale of a database pertaining to country-specific user-credentials. Apparently, the advertising imposter asserts that he runs a robust botnet that gathers the data out of victimized users and then compiles it appropriately.
Amit Klein, chief technical officer at Trusteer said that after gaining hold over the administrative module of a website, the fraudster would insert malicious code inside the website for future harvesting of funds-related information. Computing.co.uk reported this. Klein added that by using log-ins from social networks within socially-engineered assaults towards enticing contacts on the fake/hijacked websites, victims would be so fooled that they'd willingly download fund-related info-stealing malware.
Reportedly, Facebook informed Trusteer that it effectively identified popular malware on people's computers followed with authenticating each login attempt for the website's access for maintaining a check on malevolent operations.
However, of particular concern is cPanel credentials getting included, state the security researchers. Notably, cPanel represents major 'control panel' software utilized for dealing with hosted websites. A probable explanation can be the installation of malware onto these websites for abuse of browser flaws as also contamination of computers via drive-by downloads.
Moreover, Trusteer explained that cyber-criminals commonly, by distributing social network or phishing e-mails, could draw in unwitting users onto the websites. A few crooks had even established interconnected websites containing attack-code as also based those networks for selling mass, malicious drive-by downloads, the company added. GMA News published this on February 12, 2012.
Significantly, the above attack shows considerable rise in advanced personalized assaults along with social network frauds. Lately, Symantec another security company demonstrated the trend within a new Threat Report it released, which states that to execute social-engineering-oriented frauds in more-and-more sophisticated styles; hackers find social networks a great place for harvesting personal information utilizing which they can strike specific targets with the frauds as described.
Related article: Settlement Reached in Lawsuits over Hacked Data
» SPAMfighter News - 17-02-2012