Thursday, January 6, 2011

Stolen iTunes accounts for sale

Tens of thousands of fraudulent iTunes accounts are for sale on a major Chinese website, it has been revealed.

Around 50,000 accounts linked to stolen credit cards are listed on auction site TaoBao, the country's equivalent of eBay.

Buyers are promised temporary access to unlimited downloads from the service for as little as 1 yuan (10p) a time.

Apple, which recently stepped up iTunes' security after a series of break-ins, declined to comment.

However, the company has warned users in recent months to safeguard their personal details.

Listings seen by the BBC tell buyers they can "go after anything they like" including "software, games, movies, music and so on". Several listings tell prospective buyers they can only use the accounts for 12 hours before they are likely to be shut down.

Details of the auctions first emerged in China's Global Times, which reported that one seller had admitted to the theft.

"Of course these accounts are hacked, otherwise how could they be so cheap?" they told the newspaper.

While it is not clear whether the accounts themselves were stolen, or whether they were set up with fraudulently obtained information, it is against the terms and conditions of iTunes to resell user identities.

Increased security

It is not the first time that users of the service have been targeted by fraudsters. In recent years the iTunes store has become an alluring target for criminals.


Last summer an e-mail scam that targeted iTunes and PayPal left some victims facing credit card bills for thousands of pounds. At the time, Apple increased security checks to safeguard against fraud, and told users to be vigilant for signs of unauthorised activity.

And last month a Wolverhampton man admitted to being involved in a £500,000 fraud that used stolen credit cards to buy songs from the service.

TaoBao said that it was not required to remove the listings because it had not received any direct complaints about the sales.

"We take all reasonable and necessary measures to protect the rights of consumers who use Taobao, of our sellers and of third-parties," the company said in a statement. "Until we receive a valid takedown request, we cannot take action."

The Chinese company is one of the country's biggest internet success stories. It has more than 200 million users and is believed to have sold around 400 billion yuan (£38bn) of goods in the last year alone.

News of the fraudulent sales comes ahead of the launch of Apple's new Mac App Store later today.

The service is an attempt to transfer the success of its iPhone app store to desktop and laptop computers. It requires programs to gain Apple's approval before they can go on sale - despite the fact that Mac users are already freely able to download programs from around the web.



Online Business Consulting | Internet Business Consulting

Global spam levels suddenly fall

The amount of junk e-mail being sent across the globe has seen a dramatic fall in recent months.

The volume of spam has dropped steadily since August, but the Christmas period saw a precipitous decline.

One security firm detected around 200 billion spam messages being sent each day in August, but just 50 billion in December.

While the reasons for the decline are not fully understood, spam watchers warn the lull may not last.

Around the Christmas holidays, three of the largest spam producers curtailed their activity, Paul Wood, a senior analyst at Symantec Hosted Solutions, told BBC News.

"But it's hard to say why," he added.

Inactive botnets

The vast majority of spam is sent by networks of infected computers known as botnets.

One of these botnets, known as Rustock, was at its peak responsible for between 47% and 48% of all spam sent globally, said Mr Wood.

In December, Rustock was responsible for just 0.5% of global spam, he said.

At the same time, two other prominent spamming botnets, Lethic and Xarvester, also went quiet.

There have been huge drops in spam levels before, said Mr Wood.

"Usually they have been associated with the botnets being disrupted. As far as we can tell Rustock is still intact," he added.

That means those controlling Rustock could have continued churning out masses of spam, but for whatever reason, have chosen not to.

Chasing profit

One possible explanation is that the spammers are simply regrouping ahead of a new campaign.

Spammers are driven entirely by profit, said Carl Leonard, a researcher at security firm Websense.

"So if a campaign is not getting the returns they want, they can stop, regroup and try something else," he said.

Anti-spam campaigns have enjoyed recent success in making life difficult for spammers, said Mr Wood.

In late September 2010, a collective known as Spamit announced it was closing because of "numerous negative events" and increased attention.

That has certainly contributed to the current decline in spam volumes, said Vincent Hanna, an investigator at anti-spam group Spamhaus.

"This was a significant operation, with assets all over the world. Its decision to stop operating - or at least lay low for a while - has made it more difficult for [other] spammers," he said.

That helps explain the longer-term drop, but the reason for the reduction in December is not yet understood, he added.

There have, however, been signs that spammers are turning to alternative methods to e-mail for distributing their messages - such as Facebook and Twitter, said Mr Leonard.

In December, Twitter accounts were hijacked to distribute diet pill spam after a list of possible passwords was published online.

Even so, it is still too early to say the current lull in activity will last, said Mr Leonard.

"For years there have been predictions that e-mail spam is set to decline," said Mr Leonard. "But for as long as the spammers can generate profit from their activities, it's not going away."

Mr Wood said new spammers usually pop up to replace inactive ones.

"We've yet to see any evidence that spam has become a bad business to be in," he added.


