Feeds

User-friendly black hats debut Crimeware as a Service (CAAS)

'Instantly infect your favorite Fortune 500 company'

Beginner's guide to SSL certificates

Security researchers have uncovered a new web-based service containing security credentials for more than 8,700 websites belonging to Fortune 500 companies and government agencies. It allows miscreants to infect some of the internet's most popular destinations with a few clicks of the mouse.

According to security provider Finjan, the service categorizes the list of available sites by a variety of characteristics, including the country where they're hosted and their popularity. After paying a fee, criminals can select the domain they want to compromise and then use it as a means to infect vulnerable machines that later visit the site.

The service provides a menu of malware titles that can be pushed to unwitting visitors. It also allows miscreants to upload custom exploits, according to Yuval Ben-Itzhak, chief technology officer at Finjan.

In a sense, this crimeware as a service (CAAS) was inevitable. According to an earlier report from Finjan, more than 51 percent of websites that pushed malicious content in the second half of 2007 were legitimate destinations that had been commandeered by bad guys. The service is evidence that there's money to be made in automating that process - and one more sign that cyber-crime has grown into a full-fledged business where no opportunity to turn a profit is passed up.

"You can imagine the magnitude of this marketplace now," he said in an interview. "They really commercialize everything in this eco-system."

About 10 of the compromised sites are among the 100 most popular internet destinations as measured by Alexa.com. Another 100 are ranked in the top 100 to 500. Sites include some of the world's more elite organizations, including companies in the financial services, manufacturing and technology industries. They also include government agencies, including at least one belonging to a superior court in the US. Most of the sites are located in the US. Other origins included the Russian Federation, Australia, Ukraine, the Czech Republic and the UK.

Ben-Itzhak declined to identify the sites by name. He said Finjan has so far alerted only about a dozen of the compromised sites. Companies that want to find out if they're on the list can contact a Finjan representative using this link.

The service is able to seamlessly infect the websites because it has a database containing file transfer protocol usernames, passwords and server addresses that are typically used by legitimate webmasters to add, change or delete pages. The credentials were most likely stolen by infecting the PCs of administrators with keyloggers, Ben-Itzhak said.

A site called meoryprof.info has been used to access the service. At te time of writing, it was inaccessible to us. As long as the FTP credentials remain valid, you can bet it's only a matter of time before the service pops up on another site. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.