Are social networks creating malware mules?


The latest research from security vendor Symantec would appear to suggest that cybercrime gangs are now applying drug smuggling techniques to their trade, and are actively using 'malware mules' in order to distribute threats within social friendship networks.

According to the latest Internet Security Threat Report, email accounts are now being sold for just 65p on the underground web black market, and these are then used to distribute spam or malware via people’s trusted network of contacts. The advertised prices of email accounts in 2009 ranged between 65p and £13 for each account. Most advertisements listed a flat rate, although some sellers also listed bulk purchase prices such as 30 for £95 or 65p each on bulk purchase. Some advertisements stated that Web space was included with the email account and were listed at higher prices. ISPs often include free Web space along with email accounts as a part of the service, which many people never use. Criminals who compromise these accounts can use the space to host phishing sites or malicious code without the knowledge of the account owner.

These compromised accounts can be used for sending out spam in addition to harvesting additional email addresses from contact lists, taking advantage of the fact that the recipients are likely to trust the validity of a message coming from a known contact.

The stolen personal email account details are advertised on the underground economy on black market forums that are used for the promotion and trade of stolen information and services. What's more, compromised email accounts are also often used to provide access to additional sensitive personal information such as bank account passwords, student identification numbers, mailing addresses and phone numbers as well as passwords to social networking accounts that people often store in saved personal emails. The data could be used to reset passwords, potentially giving the fraudster complete access to personal account and indeed whole identities.

Con Mallon, Security Expert, Symantec, comments: "The growth in sales of email accounts on the underground economy is a worrying trend. If fraudulent purchases are made on your credit card, you’re covered by your lender and can usually recoup the money. However, if your email account is hacked who do you turn to? Scarily, scammers could have access to all your passwords for less than a pound".

About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.