The IT security firm's FraudAction Research Lab says that 'CC shops' are selling card credentials in units and in bulk, as well as in customised packages that match the customer's needs.
RSA's agents, reports the company, have recently been discovering that an increasing number of online CC Shops now come with an additional offering: RDP Access to infected bots, sold by the unit.
"RDP (Remote Desktop Protocol), is not the actual product being sold through the CC shop; what the seller is offering, for $1.00 to $2.00 apiece, is a data-set that would allow the buyer to access an infected PC (using independent RDP software)", says RSA in its latest security posting.
"RDP-access-enabling data was already seen sold in the underground as early as 2006, however, never in volume quantities and in as orderly a fashion as afforded by the CC Shop interface", the firm adds.
RSA goes on to say that, by adding the sale of RDP access to his/her shop, the seller grants fraudsters the choice to exploit PCs they would otherwise have no way of tampering with.
"It is important to stress that RDP access affords the third party operator (in this case, the fraudster) complete, human-scale access rights to the desktop", the company notes.
And here's where it gets interesting, Infosecurity notes, as RSA says that fraudsters operating over these types of remote-control connections use this type of tool to impersonate and incriminate victims to perfection, all from the comfort of their virtual anonymity.
Once the fraudulent transaction goes through, RSA adds, the investigation will always lead back to the infected PC – and its owner – and not to the third-party fraudster who had actually performed it.