Are social networks creating malware mules?

 
1
 

The latest research from security vendor Symantec would appear to suggest that cybercrime gangs are now applying drug smuggling techniques to their trade, and are actively using 'malware mules' in order to distribute threats within social friendship networks.

According to the latest Internet Security Threat Report, email accounts are now being sold for just 65p on the underground web black market, and these are then used to distribute spam or malware via people's trusted network of contacts. The advertised prices of email accounts in 2009 ranged between 65p and £13 for each account. Most advertisements listed a flat rate, although some sellers also listed bulk purchase prices such as 30 for £95 or 65p each on bulk purchase. Some advertisements stated that Web space was included with the email account and were listed at higher prices. ISPs often include free Web space along with email accounts as a part of the service, which many people never use. Criminals who compromise these accounts can use the space to host phishing sites or malicious code without the knowledge of the account owner.

These compromised accounts can be used for sending out spam in addition to harvesting additional email addresses from contact lists, taking advantage of the fact that the recipients are likely to trust the validity of a message coming from a known contact.

The stolen personal email account details are advertised on the underground economy on black market forums that are used for the promotion and trade of stolen information and services. What's more, compromised email accounts are also often used to provide access to additional sensitive personal information such as bank account passwords, student identification numbers, mailing addresses and phone numbers as well as passwords to social networking accounts that people often store in saved personal emails. The data could be used to reset passwords, potentially giving the fraudster complete access to personal account and indeed whole identities.

Con Mallon, Security Expert, Symantec, comments: "The growth in sales of email accounts on the underground economy is a worrying trend. If fraudulent purchases are made on your credit card, you're covered by your lender and can usually recoup the money. However, if your email account is hacked who do you turn to? Scarily, scammers could have access to all your passwords for less than a pound".

Member Avatar
Davey Winder

I've been a freelance word punk for more than two decades and for the last few years an Editorial Fellow at Dennis Publishing. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011. As well as working for DaniWeb I have been a Contributing Editor with PC Pro (the best selling IT magazine in the UK) for twenty years.

Isn't it about time forums rewarded their contributors?

Earn rewards points for helping others. Gain kudos. Cash out. Get better answers yourself.

It's as simple as contributing editorial or replying to discussions labeled or OP Kudos

You
This is an OP Kudos discussion and contributors may be rewarded
Post:
Start New Discussion
View similar articles that have also been tagged: