Scribd is a website that lets users share written content online, converting Powerpoint, PDFs and Word documents into web documents that can be viewed through sites such as Facebook and other social networking services.
It was inevitable, then, that a scammer would decide to use such a service for foul means and “share” a little over 4,500 mail logins (mostly from .ru domains, and possibly used for a .ru social networking site) in the form of a 77 page text document for anybody to download and plunder.
Click to Enlarge
As you can see, the document had been viewed 94 times when the above screenshot was taken; by the time it was deleted, that figure had increased to 152. Interestingly, the account behind the upload is still busy posting utterly random content – everything from technical documents and videogame commands to what look like job advertisements, lists of cameras and descriptions of GIMP plugins (there’s even a manual for Warhammer 40,000 lurking in there somewhere). To give you an idea of the upload rate, this was taken an hour or so ago:
“970 uploads”. The account is now up to 1,308 with fresh (and entirely random) uploads appearing constantly. Is the process automated? Perhaps – they certainly don’t seem to have taken a break from their uploading frenzy.
You can see a little more background to this one on this forum, courtesy of Mod Alexey P who pointed me in the right direction. The translation is a little off in places, but it seems one of the victims noticed lots of spam coming from their account and after a quick google saw their stolen login sitting on the Scribd page.
Unfortunately there’s no indication if their login was claimed through an infection or a phish, but whether the uploader is someone trying to make stolen logins “sociable” or some kind of automated bot gone awry there’s an awful lot of compromised accounts being put up for grabs…
Christopher Boyd