By Dancho Danchev
What happens when a cybercriminal cannot efficiently gain access to thousands of working accounts at popular Web services, either through data mining a botnet’s population, or through phishing campaigns?
He’ll just start systematically abusing the legitimate services by automatically and efficiently registering thousands of bogus accounts, thanks to the easy to use India based CAPTCHA-solving operations.
In this post I’ll profile a recently launched Russian based service, offering access to thousands of automatically registered accounts at popular Russian social networking sites, and free email services.
Sample screenshot of the service offering access to bogus automatically registered accounts across multiple Web services:
Second screenshot of the service offering access to bogus automatically registered accounts across multiple Web services:
Third screenshot of the service offering access to bogus automatically registered accounts across multiple Web services:
The service is publicly listing it’s inventory of automatically registered accounts at some of Russia’s most popular social networks, and free Web based email service providers. What’s also worth pointing out is that the service is also offering a modest inventory of automatically registered GMail accounts, with the possibility to register thousands more if someone places an order.
The prices varying based on the number of accounts requested — the more accounts requested the cheaper it gets — are in Rubles, and the service only accepts Web Money.
Thanks to the easy to bypass CAPTCHA human verification process, we predict that we’re going to see more services offering access to automatically registered bogus accounts. This does not necessarily mean that cybercriminals will stop aiming to access legitimate accounts, as compared to automatically registered ones, they will be in a perfect position to abuse the ‘chain of trust’ between the owner of a legitimate account and his trusted network of social contacts to further disseminate malware or related scams.
We’ll continue monitoring the development of the service.