Facebook used to sell Zeus botnet console, showing cyber crooks are getting considerably more brazen
The Web’s dark markets are not enough for some it appears, as a botnet marketer has started selling services on Facebook.
A Facebook page was discovered pushing a demo of a control panel for a Zeus botnet, which harvests financial data to let criminals access bank accounts.
The demo appears to be fairly basic, but users can contact the seller to get the full package.
“For the developer it seems to be a hobby/project of sorts (very common to guys that work on malware). But there is a second guy moving this, he runs the FB page itself and seems to be selling stolen financial data derived from Trojan logs,” Limor Kessem, team leader at RSA’s Anti-Fraud Command Centre (AFCC).
“It’s not new in terms of technical make up, but we were surprised to see it out on Facebook alongside posts that show there is real financial fraud going on.”
RSA has confirmed it is working with Facebook on an investigation into the page, which was also offering information on exploits. TechWeek checked, and found the Casper Spy Botnet page seen below:
The page admin is called Alexandra Dmitriev, who claims to be a Russian and an administrator on the Russian Hacker Girl website. It’s unclear whether he/she is a malicious hacker or a risk-taking black hat.
Below is an image of the console website the Facebook page linked to:
RSA believes the Zeus code leak of 2011 led to plenty of innovation by cyber criminals, making for a more diverse market. And some crooks are happy their nation’s laws are so lax they won’t be punished, so they can now market illegal goods in such open forums.
“Those who would take such a chance, in favour of selling their wares to a larger audience, do so because they trust the anti-digital crime laws in their counties are more forgiving or downright absent,” RSA said.
What do you know about Internet security? Find out with our quiz!