The legitimacy of the accounts haven't been confirmed, but Kirllos seems to have sold 700,000 accounts already. While it isn't anything special to sell social-networking credentials online, targeting big sites like Facebook and MySpace is only a recent trend. Randy Abrams, director of technical education at security company Eset, believes that the viral capabilities of modern malware are well-suited to big sites like facebook, where "people will follow it because they believe it was a friend that told them to go to this link." Once the password-stealing malware goes viral, big sites like Facebook are prime breeding grounds for credential lifting.Â
Kirllos is selling the accounts at a very deep discount compared to similar transactions. In Symantec's Internet Security Threat Report, email credentials sell at prices between $1 and $20, low quality bank information can go for $15 (high quality can go for $850), and Kirllos wants $0.025 per account. That's one reason why he's selling such a high volume. However, that doesn't mean it's a scam. With such a large volume of accounts, Kirllos can afford to undercut the competition and still come out rich.
Comments (38)
ReplyWho will buy these accounts?
spammers
spammers
And how exactly can facebook be a spamming platform? The worse these hacked accounts can do is spam messages to friends, who could easily just block them upon noticing that thier friends account has been hacked.
I don't see any real reason to buy 1.5M hacked accounts, unless you want to resell them individually to stalkers and trolls, but that would be a very complicated and tedious endeavour.
I'd say this is just another case of internet dick-waving.
And how exactly can facebook be a spamming platform? The worse these hacked accounts can do is spam messages to friends, who could easily just block them upon noticing that thier friends account has been hacked.
.
you'll be surprised the amount of people that are click happy... same as an email... same concept, same results...
A lot of people don't realize when their friend's account is hacked. For instance, I know someone that ended up clicking on a virally spread video that ended up injecting a virus into their system, and while they were logged in it would post a similar video (but always with a different title and thumbnail, which I noticed as I was cleaning up his account/computer). I'm not entirely sure how many times this person had to click "Yes" for it to land on their system (if at all considering the numerous Flash vulnerabilities), but we all know that most users are not averse to clicking "Yes" blindly.
So, as an uneducated user, I may be hesitant to click on the random friend request and/or message links. However, as an uneducated user, I probably would click on the video that my best friend sent me.
you'll be surprised the amount of people that are click happy... same as an email... same concept, same results...
Probably better results even. Since people will think the link came from a friend and the thought of a hacked facebook account won't immediately cross their mind.
And how exactly can facebook be a spamming platform? The worse these hacked accounts can do is spam messages to friends, who could easily just block them upon noticing that thier friends account has been hacked.
I don't see any real reason to buy 1.5M hacked accounts, unless you want to resell them individually to stalkers and trolls, but that would be a very complicated and tedious endeavour.
I'd say this is just another case of internet dick-waving.
I think you are forgetting about the biggest threat, the password. Non tech users have the same password for every bloody online service. So guess what, you get the facebook password, you get the e-mail password. Beyond that, the sky is the limit.
PS: Do we really need malware to get facebook accounts? I mean, we're in 2010 and those guys aren't even using https.... jeez
Are these legitimate accounts that have been hacked, or accounts that he created. I'm assuming they are hacked accounts, but please correct me if I'm wrong.
hacked accounts.
Can you imagine how long it would take for someone to create 1.5 Million accounts?
Not long with automated scripts... it's pretty simple actually.
Not long with automated scripts... it's pretty simple actually.
yes but I beliebe FB has ways to avoid scripting. Also you will need to create 1.5M different email addresses
How do you know if your account is on the list or not is my question.
if you cannot login to your account anymore ,,, that means your hacked
Hey..u play Pl too..awesome game isn't it
A just punishment for this ******* would be to have the names of all 1.5 million people tattooed on his body, in one continuous session.
lol I would pay $0.025 to see that!
lol I would pay $0.025 to see that!
Count me in too
Maybe its time to change the old password...
bwahahahaha.
anything funny...? Don't start as the first poster did
Maybe they use a really weak password. My password is 512 character long, so I hope Im not for sale.
How the hell can you have a 512 character password??!! The max I've seen is a 20 character limit, and that too on a security site. This is just a social networking site!
How the hell can you have a 512 character password??!! The max I've seen is a 20 character limit, and that too on a security site. This is just a social networking site!
People really need to be on higher alert with these scams. And Facebook should work harder to prevent such things from ever ocurring. Just comes to show that not just Facebook can be unsafe but the entire internet.
Everyone needs to be educated. Otherwise they are as vulnerable as watching online porn without an antivirus.
I basically blame AOL and others like them for introducing the uneducated to the internet. Before they came along, most people on the internet knew what the **** they were doing.
So you blame AOL and others like them for introducing people to what currently is by far the most useful thing in our lifes and the only hope for a better future? The Internet can spread knowledge as fast as malware. It brought free speech and free education for almost everybody
Plus free porn! xD
Oh can we start auctions to be each other?!
I start the bidding at mine at £1 million!
So if one hacker has 1.5 million accounts - what about others? and again how many of those 500 Million users on Facebook 'real'?
Not sure, but weekly I get really hot chicks I dont know ad me as friends. They are fake as the first clue was hot chicks wanting to be my friend...haha
Meh, it's only $37,000.
Only? That's still a good chunk of change for most people. That's more than a year's salary for many people.
So if you're this hacking scammer, you hijack some accounts, sell them, make $37k, you're good for the year. Good money for such little work I'd say.
Not justyfing this guy, just saying...
This kind of thing happens everyday. As long as you dont post detailed info about your self and are secure, then you will be fine.
Today it is Facebook...tomorrow it may be Neowin. Who knows.
Can't you just use the "forgot my password" thing and reset it through your email?
People have who facebook accounts, probably have the same password as their e-mails, because thats what you use to login to facebook. So perhaps, they'll have access to most of their e-mails as well =o
My Facebook account and the E-mail address associated with it use different passwords thank you very much.
Why on earth would anyone want to sell a Facebook account in the first place? What an idiot.
http://blog.merrycode.com/1-5-...sian-hacker-are-not-hacked/
more info and the name of the forum... is russian if anyone wants to give it a try and buy back their account LOL