Relying largely on sophisticated, legitimate-looking phishing campaigns, alongside active data mining of a botnet’s infected population, today’s cybercriminals are in a perfect position to monetize fraudulently obtained assets in the form of compromised accounts.

From compromised social networking accounts, to direct access to compromised servers and desktop PCs, the market segment has been steadily growing over the past couple of months.

In this post I’ll profile a newly launched cybercrime-friendly E-shop selling access to compromised accounts belonging primarily to PayPal users, but also to Apple, Walmart, eBay and Skype users.

More details:

Sample screenshot of the newly launched service selling hundreds of PayPal accounts:

Second screenshot offering a peek inside the cybercrime-friendly E-shop:

Third screenshot offering a peek inside the cybercrime-friendly E-shop:

Fourth screenshot offering a peek inside the cybercrime-friendly E-shop:

Just how dynamic is the market segment for selling compromised account details? Let’s assess this by going through the updates posted by the E-shop’s owner:

– 05:49:12 20/Sep/2012: Looking for reseller of ( RDP , CVV ) contact me via ICQ
– 05:48:17 20/Sep/2012: Update UK Paypal ( Mail | Balance )
– 05:47:43 20/Sep/2012: Update Fresh Apple Account with CC
– 19:55:46 12/Sep/2012: Update United Kingdom Paypal’s
– 19:55:16 12/Sep/2012: Update Walmart Account ( Bulk ) Fresh
– 19:54:47 12/Sep/2012: Update Ebays ( Bulk Account ) High Feedback
– 04:36:37 06/Sep/2012: Update UK Paypal
– 04:36:20 06/Sep/2012: Update Fresh Ebay Account
– 03:36:18 31/Aug/2012: Order for bulk open again , you can request account in a bulk ( ebay,walmart,skype,etc) Contact Icq
– 03:35:04 31/Aug/2012: Update ExtraMC ( Include ssn/dob/etc/mail access )
– 03:34:11 31/Aug/2012: Update US CC Valid rate 85-90%
– 03:33:49 31/Aug/2012: Update Ebay account with mail access
– 03:33:23 31/Aug/2012: Update 50 UK Paypals
– 15:17:30 28/Aug/2012: Well Fargo & Chase Log Available via [ICQ]
– 12:18:02 27/Aug/2012: Fresh USA administrator RDP only $4
– 23:23:19 20/Aug/2012: BillMeLater Available ( Full Info ) Contact ICQ
– 23:22:53 20/Aug/2012: Paypal SmartConnect ( Full info include Dob-SSN) Available ) Contact ICQ
– 21:40:51 17/Aug/2012: Update UK Paypal
– 12:24:48 15/Aug/2012: eBay Account ( Mail Access )
– 12:23:59 15/Aug/2012: Update UK Paypals ( Mail | Balance )
– 00:01:37 09/Aug/2012: Update eBay Account
– 00:01:20 09/Aug/2012: Update UK & US Paypal’s
– 00:00:48 09/Aug/2012: Update USA RDP
– 23:33:42 05/Aug/2012: Update USA CC’S 50
– 23:33:20 05/Aug/2012: Update Skype (Balance + Online number)
– 23:32:44 05/Aug/2012: Update RDP ( AU,US)
– 23:32:19 05/Aug/2012: Update Paypal Worldwide
– 23:31:59 05/Aug/2012: Update Paypal UK
– 17:44:35 04/Aug/2012: Changing New Host and Last site Backup is 31/07/2012
– 17:44:00 04/Aug/2012: Site Has been Ddosed by 1Gbps attack
– 17:43:25 04/Aug/2012: Sorry for the Down Time
– 17:27:16 30/Jul/2012: Update Fresh UK Paypal ( Mail Access )
– 17:26:40 30/Jul/2012: Update Worldwide Paypal
– 20:25:44 27/Jul/2012: Update Paypals ( Mail + Balance )
– 20:24:59 27/Jul/2012: Update Admin RDP USA
– 20:24:42 27/Jul/2012: Update Ebay Account
– 20:24:20 27/Jul/2012: Update Amazon Account
– 20:23:58 27/Jul/2012: Update BestBuy Account
– 20:23:44 27/Jul/2012: Update Apple Account
– 20:23:27 27/Jul/2012: Update Walmart
– 08:41:31 21/Jul/2012: Please Use Mozilla Firefox
– 21:54:04 19/Jul/2012: Update Account ( Overstock , Apple , Dell )
– 21:53:38 19/Jul/2012: Update CC’s * USA CANADA
– 21:53:14 19/Jul/2012: Update Walmart Account
– 21:52:59 19/Jul/2012: Update Paypals ( Mail Access )
– 19:00:31 17/Jul/2012: Update Ebay / Overstock
– 19:00:18 17/Jul/2012: Update CC’S
– 18:59:58 17/Jul/2012: Update Paypals
– 19:00:56 14/Jul/2012: Shop Back’s Online
– 18:32:24 24/Jun/2012: Reseller Welcome
– 18:31:53 24/Jun/2012: Update Ebay Account
– 18:31:41 24/Jun/2012: Update Walmart Bulk Account
– 18:31:21 24/Jun/2012: Update 150 US Paypal
– 16:10:42 20/Jun/2012: Update OverStock Account
– 16:10:23 20/Jun/2012: Update Overstock ( Bulk )
– 16:10:05 20/Jun/2012: Update Paypals UK / US
– 11:33:24 19/Jun/2012: Update 70 UK Paypal
– 11:32:41 19/Jun/2012: Good day , we are now provide new service for increase your followers and Likes , for more information contact our support ICQ
– 12:13:41 11/Jun/2012: For Bulk Ebay / Amazon / Mail Checked Kindly Contact our ICQ
– 12:13:10 11/Jun/2012: Please Download your purchased
– 12:12:26 11/Jun/2012: Register will closed Soon
– 12:11:17 11/Jun/2012: Update Verified Paypal + Mail + Balance
– 12:10:50 11/Jun/2012: Update Paypal Unverfied + Mail + Balance
– 12:10:27 11/Jun/2012: Update GoogleCheckout
– 12:10:05 11/Jun/2012: Update Ebay With Mail Acess

It’s pretty obvious that the E-shop’s owner is interested in retaining his customers by issuing periodic updates to the database consisting of compromised accounts obtained either through phishing campaigns, or through data mining a botnet’s infected population.

We’ll continue monitoring the development of the service.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.
