User-friendly black hats debut Crimeware as a Service (CAAS)

'Instantly infect your favorite Fortune 500 company'


Security researchers have uncovered a new web-based service containing security credentials for more than 8,700 websites belonging to Fortune 500 companies and government agencies. It allows miscreants to infect some of the internet's most popular destinations with a few clicks of the mouse.

According to security provider Finjan, the service categorizes the list of available sites by a variety of characteristics, including the country where they're hosted and their popularity. After paying a fee, criminals can select the domain they want to compromise and then use it as a means to infect vulnerable machines that later visit the site.

The service provides a menu of malware titles that can be pushed to unwitting visitors. It also allows miscreants to upload custom exploits, according to Yuval Ben-Itzhak, chief technology officer at Finjan.

In a sense, this crimeware as a service (CAAS) was inevitable. According to an earlier report from Finjan, more than 51 percent of websites that pushed malicious content in the second half of 2007 were legitimate destinations that had been commandeered by bad guys. The service is evidence that there's money to be made in automating that process - and one more sign that cyber-crime has grown into a full-fledged business where no opportunity to turn a profit is passed up.

"You can imagine the magnitude of this marketplace now," he said in an interview. "They really commercialize everything in this eco-system."

About 10 of the compromised sites are among the 100 most popular internet destinations as measured by Alexa.com. Another 100 are ranked in the top 100 to 500. Sites include some of the world's more elite organizations, including companies in the financial services, manufacturing and technology industries. They also include government agencies, including at least one belonging to a superior court in the US. Most of the sites are located in the US. Other origins included the Russian Federation, Australia, Ukraine, the Czech Republic and the UK.

Ben-Itzhak declined to identify the sites by name. He said Finjan has so far alerted only about a dozen of the compromised sites. Companies that want to find out if they're on the list can contact a Finjan representative using this link.

The service is able to seamlessly infect the websites because it has a database containing file transfer protocol usernames, passwords and server addresses that are typically used by legitimate webmasters to add, change or delete pages. The credentials were most likely stolen by infecting the PCs of administrators with keyloggers, Ben-Itzhak said.

A site called meoryprof.info has been used to access the service. At te time of writing, it was inaccessible to us. As long as the FTP credentials remain valid, you can bet it's only a matter of time before the service pops up on another site. ®

Broader topics


Other stories you might like

  • Running Windows 10? Microsoft is preparing to fire up the update engines

    Winter Windows Is Coming

    It's coming. Microsoft is preparing to start shoveling the latest version of Windows 10 down the throats of refuseniks still clinging to older incarnations.

    The Windows Update team gave the heads-up through its Twitter orifice last week. Windows 10 2004 was already on its last gasp, have had support terminated in December. 20H2, on the other hand, should be good to go until May this year.

    Continue reading
  • Throw away your Ethernet cables* because MediaTek says Wi-Fi 7 will replace them

    *Don't do this

    MediaTek claims to have given the world's first live demo of Wi-Fi 7, and said that the upcoming wireless technology will be able to challenge wired Ethernet for high-bandwidth applications, once available.

    The fabless Taiwanese chip firm said it is currently showcasing two Wi-Fi 7 demos to key customers and industry collaborators, in order to demonstrate the technology's super-fast speeds and low latency transmission.

    Based on the IEEE 802.11be standard, the draft version of which was published last year, Wi-Fi 7 is expected to provide speeds several times faster than Wi-Fi 6 kit, offering connections of at least 30Gbps and possibly up to 40Gbps.

    Continue reading
  • Windows box won't boot? SystemRescue 9 may help

    An ISO image you can burn or drop onto a USB key

    The latest version of an old friend of the jobbing support bod has delivered a new kernel to help with fixing Microsoft's finest.

    It used to be called the System Rescue CD, but who uses CDs any more? Enter SystemRescue, an ISO image that you can burn, or just drop onto your Ventoy USB key, and which may help you to fix a borked Windows box. Or a borked Linux box, come to that.

    SystemRescue 9 includes Linux kernel 5.15 and a minimal Xfce 4.16 desktop (which isn't loaded by default). There is a modest selection of GUI tools: Firefox, VNC and RDP clients and servers, and various connectivity tools – SSH, FTP, IRC. There's also some security-related stuff such as Yubikey setup, KeePass, token management, and so on. The main course is a bunch of the usual Linux tools for partitioning, formatting, copying, and imaging disks. You can check SMART status, mount LVM volumes, rsync files, and other handy stuff.

    Continue reading

Biting the hand that feeds IT © 1998–2022