1.5 million Facebook accounts offered for sale

In the their latest “Weekly Threat report”, VeriSign’s iDefense Intelligence Operations Team has profiled the underground market proposition of someone claiming to have 1.5 million compromised Facebook accounts available for sale.

The pricing method is based on the number of contacts per compromised account, presumably with the idea to allow easier spreading of related malicious content across Facebook.

Here’s an excerpt from the report, and a brief FAQ on the underground ad.

* “On Feb. 10, 2010, (cybercriminal) stated that he or she is selling 1.5 million compromised Facebook accounts, in bulk quantities, belonging to users in various countries. The price per 1,000 accounts varies based upon the number of friends and contacts that each account possesses. For a purchase of compromised accounts containing 10 contacts or fewer, a buyer must pay $25 per 1,000 accounts. A purchase of compromised accounts containing 10 or more contacts requires a buyer to pay $45 per 1,000 accounts. Accounts containing zero contacts are also available for bulk purchasing from (cybercriminal), at the cost of $15 per 1,000 accounts. The prices of these accounts are presumably in USD or the equivalent amount in some form of electronic currency.”

Why would a cybercriminal want access to your Facebook account?

For a variety of fraudulent reasons, all of them exploiting the already established trust relationship between the compromised account’s holder and his network of friends. From “money transfer schemes” where the fraudster is supposedly stuck somewhere and requires cash, to a malware campaign relying on nothing else but a status message leading to a client-side exploits serving site. Your network of friends, turns into his network for propagation of fraudulent/malicious schemes and campaigns.

Fact or fiction, based on the ad’s content, this is perhaps the perfect time to change your Facebook password from a malware-free host, since a strong password is just as weak as the weak one in general if there’s malicious code present on the system.
http://blogs.zdnet.com/security/?p=6304