By Dancho Danchev
Want to buy anonymous access to hacked PCs, spam-free SMTP servers (Simple Mail Transfer Protocol), or compromised bank accounts?
A newly launched underground Web service, is currently offering access to hundreds of hacked PCs, SMTP servers, and hacked bank accounts.
Let’s take a deeper look:
The service is advertised as all-in-one shop for “Shells / Rdp / Smtp / Leads / roots” accounts on multiple cybercrime-friendly Web forums.
The price for a compromised Windows PC is static compared to previously profiled shops offering access to compromised PCs, and is $8 per PC. Next to compromised PCs, the boutique Web shop is also selling 80,000 harvested Excite.com emails, and numerous compromised bank accounts. The price for a bank account with a balance of $6000 is, $135.
Screenshots of the service:
Screenshots of the compromised bank accounts offered as proof:
How is it possible that they’re selling access to a bank account that has as balance of $6000 for just $135?
The process is called risk-forwarding, similar to that of recruiting money mules for processing of the fraudulent funds. Basically, the cybercriminals behind the operation are incapable of obtaining the full amount of money available in the bank account, and are only interested in charging a static, market-independent amount of money for it.
In comparison, sophisticated vendors interested in repeated purchases, and long-term relationships within the cybercrime ecosystem, will usually accept bulk orders and offer suitable discounts for purchasing hundreds of thousands of compromised hosts.
Webroot’s security researchers will continue monitoring the development of the service, and post updates to this post, as soon as a new threat vector emerges.
Meanwhile, customers are advised to check their bank statements regularly for possible fraudulent purchases, and to take advantage of mobile notification services alerting them every time money goes in and goes out of their bank accounts.