An electronic fraud forum has been uncovered with over a million compromised accounts available for sale in bulk quantities.
VeriSign iDefense has uncovered the forum, where the user ‘kirllos' claimed to be selling 1.5 million compromised accounts in bulk quantities. Prices depended on how many contacts or friends the user has on the site, costing $25 (£16) per 1,000.
It also claimed that accounts with zero contacts are also particularly popular for engaging in malicious activities such as the spread of malware, with criminals exploiting vulnerabilities in the sites to execute scripts and attempt to request additional contacts through friend finder tools, often using photos of attractive individuals to gain the maximum number of friends.
Rick Howard, director of intelligence at VeriSign iDefense, said: “The increasing exploitation of the hundreds of millions of social network users globally signifies a key shift in focus for cyber criminals. The trend for harvesting information from social networking sites has been around for some time now, however cyber criminals typically limited their attacks to social media sites within their own geography.
“For example, Russian cyber criminals have, typically, targeted users of VKontakte (VK) – a social networking site popular in Russia, Belarus and Ukraine. The malicious exploitation of VK users is almost exclusively limited to cyber criminals within these nations. However the increasing exploitation of users of popular international platforms is important as it signifies that criminals are becoming more and more internationalised – these sites provide a convenient platform for criminals to expand their trade around the globe.”