Apparently hackers have thier own eBay sort of site with exploits offered via a SaaS model. According to Finjin:
Here’s how it works: The software uses an eBay-like trading interface to qualify the stolen accounts in terms of the country where the server is located and the Google page ranking of the compromised server. Cybercriminals use the information to set a price for the compromised FTP credentials so they can be resold to other cybercriminals or adjust an attack on more prominent sites. The software also allows cybercriminals to use the FTP credentials to automatically inject HTML IFrame tags into Web pages on the compromised server.
“Software as a service (SaaS) has been evolving for sometime, but until now it has been applied only to legitimate applications. With this new trading application, cybercriminals have an instant ‘solution’ to their ‘problem’ of gaining access to FTP credentials and thus infecting both the legitimate Web sites and its unsuspecting visitors. All of this can be easily achieved with just one push of a button,” said Yuval Ben-Itzhak, CTO of Finjan.
Technically speaking, shouldn’t this be an Exploit as a Service (EaaS). Or perhaps a Hack as a Service (HaaS)?
Still scary stuff.