Feeds

User-friendly black hats debut Crimeware as a Service (CAAS)

'Instantly infect your favorite Fortune 500 company'

Beginner's guide to SSL certificates

Security researchers have uncovered a new web-based service containing security credentials for more than 8,700 websites belonging to Fortune 500 companies and government agencies. It allows miscreants to infect some of the internet's most popular destinations with a few clicks of the mouse.

According to security provider Finjan, the service categorizes the list of available sites by a variety of characteristics, including the country where they're hosted and their popularity. After paying a fee, criminals can select the domain they want to compromise and then use it as a means to infect vulnerable machines that later visit the site.

The service provides a menu of malware titles that can be pushed to unwitting visitors. It also allows miscreants to upload custom exploits, according to Yuval Ben-Itzhak, chief technology officer at Finjan.

In a sense, this crimeware as a service (CAAS) was inevitable. According to an earlier report from Finjan, more than 51 percent of websites that pushed malicious content in the second half of 2007 were legitimate destinations that had been commandeered by bad guys. The service is evidence that there's money to be made in automating that process - and one more sign that cyber-crime has grown into a full-fledged business where no opportunity to turn a profit is passed up.

"You can imagine the magnitude of this marketplace now," he said in an interview. "They really commercialize everything in this eco-system."

About 10 of the compromised sites are among the 100 most popular internet destinations as measured by Alexa.com. Another 100 are ranked in the top 100 to 500. Sites include some of the world's more elite organizations, including companies in the financial services, manufacturing and technology industries. They also include government agencies, including at least one belonging to a superior court in the US. Most of the sites are located in the US. Other origins included the Russian Federation, Australia, Ukraine, the Czech Republic and the UK.

Ben-Itzhak declined to identify the sites by name. He said Finjan has so far alerted only about a dozen of the compromised sites. Companies that want to find out if they're on the list can contact a Finjan representative using this link.

The service is able to seamlessly infect the websites because it has a database containing file transfer protocol usernames, passwords and server addresses that are typically used by legitimate webmasters to add, change or delete pages. The credentials were most likely stolen by infecting the PCs of administrators with keyloggers, Ben-Itzhak said.

A site called meoryprof.info has been used to access the service. At te time of writing, it was inaccessible to us. As long as the FTP credentials remain valid, you can bet it's only a matter of time before the service pops up on another site. ®

Remote control for virtualized desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.