Author Topic: VeriSign can put a price on your Facebook.  (Read 389 times)

0 Members and 1 Guest are viewing this topic.

Offline Zaphod

  • Administrator
  • Never shuts up
  • *
  • Posts: 1,608
  • Gender: Male
    • Exocet's Silo
VeriSign can put a price on your Facebook.
« on: April 23, 2010, 05:51:06 PM »
VeriSign can put a price on your Facebook.


Security researchers at VeriSign iDefense can put a price on your Facebook account. A recent attempt to sell 1.5 million accounts shows, social networking credentials are gaining value in the cyber-underworld.

Compromised Facebook accounts are for sale. They go in lots of a thousand and the cost depends upon the number of friends in the account. The high end price is forty five dollars for a thousand accounts. There are a million and a half accounts for sale, by just one hacker.

The Facebook accounts are valuable to spread malware:

Once you have the name and address and other profile type information from a social networking site, you can use it to corroborate your way into debit card accounts and bank accounts through social engineering. You could also use these accounts as a platform to distribute malware through the friend system. As a security oriented person, I have to double and triple clutch when it comes to accepting friend invites from people that I do not know.

Just how much money can be made is illustrated by new findings from VeriSign iDefense, which uncovered a cyber crook on an electronic fraud forum selling 1.5 million Facebook accounts at a price of $25 per 1,000 accounts with 10 contacts or less. For accounts with more than 10 friends the going rate was $45 per 1,000

The hacker, who went by the name "kirllos," is believed to be from Eastern Europe based on the language being used (Russian) and the forum in question, iDefense reported. It is not known whether or not Kirllos is linked to the well known Koobface crew or any widespread phishing attacks.

If this is just the business inventory of one hacker, then one wonders how many Facebook accounts have been compromised. For some Facebook account holders, it is a matter of pride to build up the number of friends online. Some of those so called friends may have criminal intent in mind. Networking on a service such as Facebook absolutely requires attention to privacy and security. Without that focus, the Facebook account may end up as part of a hacker's sales inventory.

Because there's an inherent and unfounded trust in those messages/posts/whatever, the recipients are more likely to be convinced to engage in a risky behaviour, like clicking a link that leads to a malicious Website, or following a link and entering credentials. In the end, a stolen Facebook/MSN credential is like a skeleton key to social engineering attacks against every family member, friend or linked acquaintance of the person whose account has been compromised. The more friends the user has, the more valuable the credential."

Malware can obtain credentials via keylogging or by stealing the data contents of Facebook cookies that store the permissions that permit a user to log back into the service without a password, Brandt explained. Phishing pages are also a common ruse, and take on the appearance of the Facebook login page to trick users into entering their credentials.
Mess with the Best, Die like the rest.


Please do not “PM” me for support unless I have asked you to do so, otherwise it will be deleted and ignored.

 


Powered by EzPortal