Tech information that you never knew… Now at your fingertips
Posts tagged phishing
1.5 million Facebook accounts offered for sale – FAQ
Apr 27th
In their latest “Weekly Threat Report”, VeriSign’s iDefense Intelligence Operations Team has profiled the underground market proposition of someone claiming to have 1.5 million compromised Facebook accounts available for sale.
The pricing method is based on the number of contacts per compromised account, presumably with the idea to allow easier spreading of related malicious content across Facebook.
Here’s an excerpt from the report, and a brief FAQ on the underground ad.
- “On Feb. 10, 2010, (cybercriminal) stated that he or she is selling 1.5 million compromised Facebook accounts, in bulk quantities, belonging to users in various countries. The price per 1,000 accounts varies based upon the number of friends and contacts that each account possesses. For a purchase of compromised accounts containing 10 contacts or fewer, a buyer must pay $25 per 1,000 accounts. A purchase of compromised accounts containing 10 or more contacts requires a buyer to pay $45 per 1,000 accounts. Accounts containing zero contacts are also available for bulk purchasing from (cybercriminal), at the cost of $15 per 1,000 accounts. The prices of these accounts are presumably in USD or the equivalent amount in some form of electronic currency.”
Sometimes, there’s no honor among cybercriminals (Phishers increasingly scamming other phishers), just like there isn’t among “real life” thieves.
From the distribution of backdoored web interfaces to web malware exploitation kits, to the actual “binding” of additional malware to the original release, sophisticated, or at least experienced, cybercriminals have realized that there are thousands of potential cybercriminals who could unknowingly start working for them. The process of “cybercriminals attempting to scam novice cybercriminals” demonstrates just how vibrant the ecosystem has become these days.
With a huge percentage of the underground marketplace driven by reputation, reputation is exactly what this particular seller of Facebook data is missing. Moreover, with quality assurance now an inseparable part of the cybercrime ecosystem, the seller is not just skipping the time frame in which the accounts were compromised, he is also not mentioning how many of them are actually verified as working.
These, and several other factors, make me skeptical of the quality of this underground proposition.
If we consider the cybercriminal’s claims to be true, how did he manage to obtain 1.5 million Facebook accounts?
The ad clearly states that there are accounts with contacts, meaning they’re compromised, and others that have zero contacts, meaning they’ve been automatically generated by outsourcing the CAPTCHA-solving process to international teams specializing in the process.
New IT Term of the week
Apr 6th
Easter egg
Software easter eggs are secret screens, videos, graphics, or other types of messages that have been buried in an application. Typically, easter eggs are used to display the credits for the development team or to display a humorous message. Easter eggs are intended to be fun and can be found in any type of software, including games, word processing applications, and even operating systems. To see an easter egg, you will often need to know a special procedure or sequence of keystrokes.
For example, follow these instructions to see a list of people who worked on the User Assistance feature of Microsoft Word 2000:
1. Open Microsoft Word 2000
2. Press F1 or click the “Office Assistant” button
3. Under the “What would you like to do?”, type “Cast” (No quotes)
4. Click SEARCH
5. Click the MICROSOFT OFFICE 2000 USER ASSISTANCE STAFF topic
6. Click the graphic in the Microsoft Word Help screen
Easter eggs in computer games are quite common and may be funny scenes, hidden levels, or other extras gamers can discover while playing. One of the most popular easter eggs to unlock in video games is the “Dopefish”. This fun, fictional fish first appeared in Commander Keen: Secret of the Oracle (1991). Since that time it has made an appearance as an easter egg in numerous games. In many games you need to unlock a special level or perform a sequence of actions to find the hidden easter egg.
Easter eggs may also be found in movies, music albums, videos and other types of media.
How Google detects phishing sites
Apr 4th
02 April 2010.
Google analyzes millions of pages per day when searching for phishing behavior. This kind of activity is, of course, not done by people but by computers.
The computers are programmed to look for certain things that will identify the page as a phishing site. Those things are actually the same things that users should check when evaluating if a page is legitimate or not.
According to a post on Google’s official online security blog, the first step is looking at the URL: Does it contain words like “login” or “banking” or trademarks of the phishing target? Does it use an IP address for its hostname? Does it have a large number of host components, making the address unusually long? If the answer is yes to all of these questions, the page could be a phishing one.
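The URL checks described above, sketched as an added example (not Google's code and not from the original post). The word list, the trademark-to-domain map, the component threshold and the sample URLs in the usage are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed lists for illustration only; a real system would use far larger ones.
SUSPICIOUS_WORDS = ("login", "banking", "signin", "verify")
TRADEMARKS = {"paypal": "paypal.com", "facebook": "facebook.com"}  # brand -> real domain
MAX_HOST_LABELS = 4  # assumed threshold for "a large number of host components"


def host_is_ip(host):
    """True when the hostname is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def url_features(url):
    """Extract the three URL signals the post lists."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    text = (host + parts.path + "?" + parts.query).lower()
    is_ip = host_is_ip(host)
    labels = [] if is_ip else [label for label in host.split(".") if label]
    # A trademark counts only when the URL is NOT on the brand's own domain.
    off_domain = sorted(
        brand for brand, domain in TRADEMARKS.items()
        if brand in text and not (host == domain or host.endswith("." + domain))
    )
    return {
        "suspicious_words": sorted(w for w in SUSPICIOUS_WORDS if w in text),
        "trademarks_off_domain": off_domain,
        "ip_hostname": is_ip,
        "many_host_components": len(labels) > MAX_HOST_LABELS,
    }


def score(url):
    """Number of signal groups that fired (0-4); higher means review first."""
    return sum(bool(v) for v in url_features(url).values())


if __name__ == "__main__":
    for u in ("http://192.0.2.10/paypal/login.php",
              "http://paypal.com.secure.account.update.example.net/signin",
              "https://www.paypal.com/signin"):
        print(score(u), u, url_features(u))
```

The brand's own sign-in page still matches a suspicious word, which is why a single signal is weak and the signals are counted together.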