At the beginning of 2011, Panda Labs published a report called “The Cyber-Crime Black Market: Uncovered.” It describes an underground criminal commercial structure that is increasingly mirroring legitimate commerce. “These types of markets operate in line with the normal laws of supply and demand: there are competing prices, additional services are offered, free trials, money-back guarantees if the data doesn’t work (or if the account doesn’t have a guaranteed minimum balance)… even anonymous shopping by third-parties,” writes Panda Labs, describing what the Information Security Forum calls the ‘malspace’.
Now Trusteer has discovered further evidence: factory outlets of “login credentials for different web sites including Facebook, Twitter and a leading website administration software called cPanel.” These, says Trusteer, can be purchased in bulk, and even for specific countries such as the USA, the UK and Germany.
The inclusion of cPanel credentials is particularly worrying. cPanel is the leading control panel application used to manage hosted websites. It would allow criminals “to plant malicious code on these sites,” comments Trusteer, “that can exploit browser vulnerabilities and infect machines through drive-by-downloads.” The next step would be to lure victims to the sites through phishing emails and social network messages.
At least one cybercriminal even tries to advertise his ‘profession’ through legitimate blogs by placing comments against particular posts. One example, using a Yahoo address, offers “HACKING OF WEBSITES & Hacking Accounts which include facebook, twitter this is pretty easy, myspace, skype, and email ids. I require either a Name, Friend ID, or E-mail address of the targets account(s). I have the help of a current 0-Day Exploit that allows me to gain remote access to the website servers and from there I find the password which is usually in an MD5 hash...”