
Thread: Microsoft warns of new Trojan hijacking Facebook accounts

  1. #1

    Microsoft warns of new Trojan hijacking Facebook accounts

    Malware focusing on the social network's users in Brazil masquerades as a legitimate Google Chrome extension and Firefox add-on.
    by Steven Musil
    May 12, 2013 4:30 PM PDT


    Microsoft has issued a warning that a new piece of malware masquerading as a Google Chrome extension and Firefox add-on is making the rounds, threatening to hijack Facebook accounts.

    First detected in Brazil, Trojan:JS/Febipos.A attempts to keep itself updated, just like normal, legitimate browser extensions, Microsoft noted in a security bulletin late Friday.


    Once downloaded, the Trojan monitors whether the infected computer is logged into a Facebook account and attempts to download a config file that will include a list of commands for the browser extension. The malware can then perform a variety of Facebook actions, including liking a page, sharing, posting, joining a group, and chatting with the account holder's friends.

    Some variants of the malware include commands to post provocative messages written in Portuguese that contain links to other Facebook pages. The number of likes and shares on one such page grew while malware experts at Microsoft were analyzing the Trojan, suggesting that the infections are continuing to occur.

    Microsoft did not indicate how the malware installs itself or how many infections might have occurred.

  2. #2

    Re: Microsoft warns of new Trojan hijacking Facebook accounts

    Hackers send bogus tweets from '60 Minutes' account
    by Edward Moyer

    CBS News confirms that the Twitter feeds for "60 Minutes" and "48 Hours" were hacked. Phony tweets accused the U.S. of aiding terrorists.

    The Twitter accounts for CBS News programs "60 Minutes" and "48 Hours" were used by hackers earlier today to send out messages accusing the U.S. of aiding terrorists, the network confirmed.

    "We have experienced problems on Twitter accounts of #60Minutes & @48Hours; We apologize for the inconvenience; Twitter is resolving issues," read a tweet from @CBSNews. Read another from @60Minutes: "PLEASE NOTE: Our Twitter account was compromised earlier today. We are working with Twitter to resolve."

    Bogus messages tweeted from the hacked accounts included this one from the @60Minutes account:

  3. #3

    Re: Microsoft warns of new Trojan hijacking Facebook accounts

    New malware variant targets Uyghur Mac users

    by Topher Kessler
    April 25, 2013 11:16 AM PDT

    Yet another malware variant is being sent to Uyghur activists via e-mail spam; however, for updated systems the threat is nonexistent.

    One of the ongoing malware sagas is a political fight that is targeting Uyghur activist groups in China, where spam e-mail laced with backdoor Trojan horse malware has been continuously delivered to members of these groups in an Advanced Persistent Threat attack.

    This week, security company F-Secure uncovered yet another variant of this attack being used.

    Like prior ones, the new variant takes advantage of old vulnerabilities in Microsoft Word, by sending attachments that will embed the malware in the affected system if the document is opened in an unpatched version of Word.

    The malware used has changed a little over the past year, with some versions using Trojans embedded in ZIP files, and others exploiting Word vulnerabilities. F-Secure's report shows this latest attempt uses a Word document called "poadasjkdasuodrr.doc," though any document name can likely be used. When opened, the malware contained in it will install two files that attempt to pose as update components to RealPlayer, in the following locations:

    ~/Library/Application\ Support/.realPlayerUpdate
    ~/Library/LaunchAgents/realPlayerUpdate.plist

    Since these folders are within the user account, the malware used in this attack variant can install itself without user passwords being required. However, another mode of attack does ask for authentication; if it gets it, the malware will then be placed in the global Library folder instead, so it will run for every user on the system.

    Using the "launchagent" file, the system will keep the hidden malware in the Application Support folder running, and will attempt connections to a command-and-control server at the URL alma.apple.cloudns.org.

    There are easy ways to help detect and delete such malware (though again, these particular attacks target certain groups and the threat to most Mac users is minimal). First, with general safe computing practices you can avoid obvious spam messages, and be sure to only open attachments that are from trusted sources. Additionally, these attacks often exploit known vulnerabilities that have been patched, so always keep your operating system and installed applications up-to-date.

    In addition, these attacks use very common and easy-to-detect modes of keeping the malware active on an OS X system, by way of the system launcher folders, which include the various LaunchAgent and LaunchDaemon directories in the system, global, and user libraries. By setting up a monitoring routine that will alert you when a new item is added to these folders, you can keep on top of what programs are attempting to automate or schedule background routines.

    Additionally, you can take the extra step and install a reverse firewall such as those offered by Objective Development's Little Snitch and Intego's VirusBarrier suite, to keep tabs on any program that is trying to phone home to remote servers, and block or otherwise manage the attempt.
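
The monitoring routine suggested in post #3, sketched as an added example (not part of the original post or article): it records a baseline of the LaunchAgent and LaunchDaemon directories and reports jobs added, changed or removed since, flagging launch targets in hidden paths such as the `.realPlayerUpdate` file named in the post. The baseline file location and the function names are assumptions of this example.

```python
import hashlib
import json
import plistlib
import sys
from pathlib import Path

# launchd job directories in the user, global and system libraries.
WATCHED_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
    Path("/System/Library/LaunchAgents"),
    Path("/System/Library/LaunchDaemons"),
]
# Hypothetical location for the saved baseline (an assumption of this example).
BASELINE_FILE = Path.home() / ".launchd_baseline.json"


def describe(plist_path):
    """Hash one job definition and extract what it launches."""
    raw = plist_path.read_bytes()
    entry = {"sha256": hashlib.sha256(raw).hexdigest(), "label": None, "program": None}
    try:
        job = plistlib.loads(raw)
    except Exception:
        entry["error"] = "unparseable plist"  # still tracked by its hash
        return entry
    if isinstance(job, dict):
        args = job.get("ProgramArguments")
        first_arg = args[0] if isinstance(args, list) and args else None
        target = job.get("Program") or first_arg
        entry["label"] = job.get("Label")
        entry["program"] = str(target) if target is not None else None
    return entry


def snapshot(dirs=WATCHED_DIRS):
    """Map every *.plist under the watched directories to its description."""
    state = {}
    for d in dirs:
        d = Path(d)
        if not d.is_dir():
            continue
        for p in sorted(d.glob("*.plist")):
            if p.is_file():
                state[str(p)] = describe(p)
    return state


def has_hidden_component(program):
    """True when the launch target is, or sits under, a dot-prefixed path."""
    if not program:
        return False
    return any(part.startswith(".") and part not in (".", "..")
               for part in Path(program).parts)


def diff(baseline, current):
    """Return findings for jobs added, changed or removed since the baseline."""
    findings = []
    for path, entry in current.items():
        old = baseline.get(path)
        if old is None:
            kind = "added"
        elif old["sha256"] != entry["sha256"]:
            kind = "changed"
        else:
            continue
        findings.append({"kind": kind, "path": path, "label": entry["label"],
                         "program": entry["program"],
                         "hidden_target": has_hidden_component(entry["program"])})
    for path in baseline.keys() - current.keys():
        findings.append({"kind": "removed", "path": path,
                         "label": baseline[path]["label"],
                         "program": baseline[path]["program"],
                         "hidden_target": False})
    return sorted(findings, key=lambda f: (f["kind"], f["path"]))


def main():
    current = snapshot()
    if not BASELINE_FILE.exists():
        BASELINE_FILE.write_text(json.dumps(current, indent=2))
        print(f"baseline of {len(current)} launchd jobs written to {BASELINE_FILE}")
        return 0
    findings = diff(json.loads(BASELINE_FILE.read_text()), current)
    for f in findings:
        flag = "  [hidden launch target]" if f["hidden_target"] else ""
        print(f"{f['kind'].upper():8} {f['path']} -> {f['program']}{flag}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

The first run writes the baseline; later runs exit non-zero when anything differs, so the script can be scheduled and its output mailed or logged.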

  4. #4

    Re: Microsoft warns of new Trojan hijacking Facebook accounts

    Traces of malware activity detected in App Store game

    by Topher Kessler
    May 3, 2013 10:35 AM PDT

    A suspicious iframe link has been detected in an App Store program. Here's why you shouldn't worry.

    MacWorld is reporting that a program on the iOS App Store may be detected as containing malware, but in analysis the program is not considered to be malicious.

    After its readers wrote in about the potential of malware in a game called Simply Find It that is available on the iTunes App Store, MacWorld confirmed traces of nonfunctional Trojan horse malware embedded in an MP3 file used by the program, which shows an HTML iframe reference to a potentially malicious (but currently unresponsive) Web page.

    This is not the first time that malwarelike activity has been found in programs in the iTunes store. In July 2012, Windows-based malware was found embedded in the iOS store, likely from the developers' systems being exposed to the malware during testing.

    This latest finding shows Trojan-like behavior in the program; however, it's really not currently a threat to Mac or iOS users. The malware activity is so far identified by a single HTML string in a file that points to a potentially malicious Web page. The program does not appear to make any use of this string, suggesting the program or this file was simply affected by malware at some time during development, as opposed to containing an active threat.


    Is this Apple's fault? In its testing, MacWorld found the program is not flagged by several other anti-malware tools. Apple tests the App Store programs thoroughly to see how they behave when run by consumers, but given that this iframe link is a benign and nonfunctional appendage to the program, it could have been overlooked like any other piece of nonfunctional metadata.

    Ultimately, this threat can be more accurately described as a suspicious but nonfunctional embedded link from traces of prior malware activity that might cause some malware-scanning tools to flag the program, but as security expert Rich Mogull mentioned to MacWorld, "A malware link that never runs isn't a threat," so overall iOS users should have nothing to worry about.

  5. #5

    Re: Microsoft warns of new Trojan hijacking Facebook accounts

    No Facebook privacy for cheaters (or anyone else)

    (MoneyWatch) Ever hear of a Facebook (FB) app called Bang With Friends? It's supposed to be a "simple, fun way" to find which of your Facebook friends are open to a dalliance.

    Some may find it simple and fun, but private? Not at all -- because of Facebook. A simple search can reveal which of a person's Facebook friends use the app. But the issue is much bigger than this one service. Facebook's long history of privacy challenges hasn't resulted in a more airtight system. In fact, the company's need to significantly increase revenue has pushed it in exactly the opposite direction, often without the knowledge of the users.

    So far, Facebook's privacy problems haven't seemed to matter with users, who keep coming back to the service. But new developments keep challenging personal privacy. One of them is Facebook's Graph Search, which lets you find friends with particular interests and activities.

    When the feature first appeared, various experts and outlets suggested tightening down various privacy settings, such as who can see your posts, who can tag you in photos, and who can search for you on Facebook. There was also, and continues to be, significant misinformation about problems and solutions.

    But Bang With Friends shows how reality can quickly outstrip advice. Not only can you search for images and posts of friends, but you can look into the pages they like and the apps they have registered for. If you are logged into Facebook and click this link, you run a search on all friends who use Bang With Friends.

    According to the vendor of the app, the issue is restricted to those who download the app before January 2013. At that point, it relied on a Facebook user's default privacy settings. Now it only allows the users to see the connection.

    But that doesn't necessarily help those who had already downloaded. As social media, marketing, and PR consultant Peter Shankman wrote in a Facebook post:

    To the 43 of my friends who currently use the hookup app "Bang With Friends," including the 15 of you who are married, you should know that it's FAR from as private as you think. How do I know? Because this just got published. http://www.dailydot.com/lol/bang-wit...cebook-glitch/ Ouch.

    As he said in an email, "Of course, my '43' friends who use that have dropped to six as of this morning."

    But what other conclusions could people draw, given lists of friends, interests and causes "liked"? These are the principles behind so-called big data. If marketers can paint a picture of who you are and what you do given online activities, so can clever Facebook friends, many of whom may not actually be friends.

  6. #6

    Re: Microsoft warns of new Trojan hijacking Facebook accounts

    The war for mobile messaging is on
    Start-up mobile messaging apps have surged, displacing traditional SMS texts. Silicon Valley titans such as Google and Facebook want in on the action.

    May 11, 2013, 8:00 a.m.

    SAN FRANCISCO — WhatsApp is one of Silicon Valley's most buzzed-about companies, yet it actively avoids the spotlight, operating out of a small office in Mountain View, Calif., with no sign on the building entrance or on the office door.

    Unlike most start-ups eager for media attention, WhatsApp Inc. says it doesn't want or need it. Its popular mobile messaging app has spread so quickly by word of mouth that in just four years it has amassed hundreds of millions of users who collectively send as many as 18 billion messages a day.

    WhatsApp belongs to a new generation of messaging services that are revolutionizing 20-year-old text messaging technology and escalating the mobile messaging wars.

    "In many countries, consumers have decided they prefer these mobile messaging apps," said Tero Kuittinen, an analyst with mobile diagnostics firm Alekstra.

    Now they are taking the U.S. by storm. That's particularly worrisome to wireless carriers that have already lost billions in revenue from customers shifting from text to so-called instant messages such as Apple Inc.'s iMessage service, which each day delivers 2 billion messages free of charge.

    But the growing popularity of these mobile apps is not good news for the Silicon Valley tech giants either. Analysts say people use the apps to connect with their closest friends and relatives, creating a new more intimate social network that could rival Facebook Inc. and Google Inc. for the attention of hundreds of millions of users and, eventually, advertising dollars.

    Messages sent using the mobile apps, which are offered by third-party developers and downloaded to smartphones, are not limited to 160 characters the way text messages are. They also enable users to be more creative with scribbled notes, doodles and emoji pictograms that express thoughts and emotions that the typed word sometimes cannot. Some apps are adding games and other distractions to hold people's attention even longer.

    Many of the apps are free or charge a small subscription fee — WhatsApp charges $1 a year.

    When Nick Meyer, a 22-year-old graduate student at North Carolina State University, is on his iPhone 4, he's mostly using an app called Kik to chat with friends, he says. Each day he sends a few hundred messages, yet never messages friends on Facebook unless he's sitting at his computer.

    "Mobile is going to be the main form of communication. In some ways, it already is," Meyer said.

    With the explosion in worldwide sales of smartphones, these apps are already the go-to messaging tool in Europe and Asia, where they have taken a big bite out of texting traffic and profits that text messages generate for wireless carriers. Wireless carriers lost a total of $23 billion in texting revenue as of the end of 2012, research firm Ovum estimates.

    Research firm Informa says people are now sending more messages over mobile apps such as WhatsApp than they are text messages — and the trend is accelerating. By the end of this year, traffic from mobile messaging is expected to be more than double that of traditional SMS texts. CTIA — The Wireless Assn., a wireless communications industry group, recently found that Americans sent 2.2 trillion SMS text messages last year, down 5% from 2011.

    The trillions of messages from around the globe that run through WhatsApp alone each year already surpass the texting volume of all top four U.S. wireless carriers combined, telecommunications consultant Chetan Sharma said.

    MessageMe, a free app, launched in March. A week later it had 1 million users. Its most active users send 30,000 messages a day, the San Francisco company said.

    "I didn't know that was physically possible," MessageMe co-founder Arjun Sethi said.

    In mobile, messaging has emerged as the "killer" app, said Ted Livingston, chief executive of Kik Interactive Inc., a Canadian start-up that last month announced it had raised an additional $19.5 million in funding. Kik has 50 million users and adds 200,000 users each day, Livingston said.

    Popular apps in the U.S. include WhatsApp, Kik and MessageMe. Kakao Inc.'s KakaoTalk and Tencent Holdings Ltd.'s WeChat are hot in Asian markets.

    One popular Asian app is making aggressive moves into the North American market. Line, an app with which users can play games and send virtual "stickers," reached 100 million users in 19 months. Facebook took about three times as long to reach that level.

    Both Facebook and Google reportedly approached WhatsApp about a possible buyout. WhatsApp declined to comment on that but said it plans to remain independent.

    Mobile messaging apps work like this: Users download the app to their smartphone and set up a personal profile. They invite friends and family members to download the app to their devices. Then they send one another elaborate messages, which travel over Internet data networks, not over cellular networks the way standard text messages do.

    Jan Koum, co-founder and CEO of WhatsApp, says mobile messaging apps make communication richer by making it more personal.

    "Fundamentally mobile messaging is personal and real time," Koum said.

    And more creative, says Jessica Jiang, 23, a Web graphic designer from San Jose. Jiang uses Line for the virtual stickers and MessageMe to draw pictures or to doodle on the pictures her friends send to her.

    "I use these apps mainly for the convenience and efficiency — the way that you can stay in the same app while sending videos, iTunes music and also photos. It also gives us a personality and expression that you can't get with just plain text," Jiang said.

    That's a big driver behind the success of mobile messaging apps, said Dave Morin, CEO and co-founder of mobile social networking service Path.

    "People desire a more expressive way to communicate with mobile phones than through basic text messaging," Morin said.

    Mobile messaging began sweeping Asia and Europe as data networks became more robust and the global economic crisis in 2008 spurred interest in cheaper alternatives. Gradually in market after market, mobile messaging began to cannibalize standard texting, analysts say. Then it started to grab time and attention away from popular messaging services from Facebook, Google and Apple too.

    "The smartest, brainiest companies in the world were completely out to lunch," Kuittinen said. "These tiny start-up companies have taken hold of the market."

    Now, he said, technology giants have made mobile messaging a top priority.

    In 2011, Facebook bought group messaging app Beluga and tasked the founders with building a stand-alone Messenger app for the iPhone and devices running Google's Android software. In December, Facebook rolled out Poke, its own version of a popular messaging app called Snapchat, which lets users send messages that vanish seconds later.

    Last month the giant social network made its biggest move yet, launching Facebook Home. The software takes over the user's Android smartphone and puts the social network ahead of almost anything else on the phone's home screen, including mobile messaging apps.

    "Facebook ignored messaging for a long time until the realization sank in that some of the eyeballs are actually shifting from checking the News Feed to communications, especially in the younger demographics," Sharma said.

    Google is getting close to unsheathing its own weapon in the mobile messaging wars. It's working on a messenger service dubbed Babel, which would work on multiple smartphone and tablet brands, so the conversation could sync across a user's devices. Anyone with a smartphone or tablet running Android or Apple's iOS operating system would be able to start a "hangout" to chat face to face, reports say. Google declined to comment.

    MessageMe's Sethi predicts that mobile messaging apps will eventually shove aside other forms of electronic communication and that texting, like snail mail, will become more of a utility.

    "We want to be the replacement for everyday communication," Sethi said.

  7. #7

    Re: Microsoft warns of new Trojan hijacking Facebook accounts

    Alleged SpyEye Seller ‘Bx1’ Extradited to U.S.

    A 24-year-old Algerian man arrested in Thailand earlier this year on suspicion of co-developing and selling the infamous SpyEye banking trojan was extradited this week to the United States, where he faces criminal charges for allegedly hijacking bank accounts at more than 200 financial institutions.

    Hamza Bendelladj, who authorities say used the nickname “Bx1” online, is accused of operating a botnet powered by SpyEye, a complex banking trojan that he also allegedly sold and helped develop. Bendelladj was arraigned on May 2, 2013 in Atlanta, where he is accused of leasing a server from a local Internet company to help manage his SpyEye botnet.

    A redacted copy of the indictment (PDF) against Bendelladj was unsealed this week; the document says Bendelladj developed and customized components of SpyEye that helped customers steal online banking credentials and funds from specific banks.

    The government alleges that as Bx1, Bendelladj was an active member of darkode.com, an underground fraud forum that I’ve covered in numerous posts on this blog. Bx1’s core focus in the community was selling “web injects” — custom add-ons for SpyEye that can change the appearance and function of banking Web sites as displayed in a victim’s Web browser. More specifically, Bx1 sold a type of web inject called an automated transfer system or ATS; this type of malware component was used extensively with SpyEye — and with its close cousin the ZeuS Trojan — to silently and invisibly automate the execution of bank transfers just seconds after the owners of infected PCs logged into their bank accounts.

    “Zeus/SpyEYE/Ice9 ATS for Sale,” Bx1 announced in a post on darkode.com thread dated Jan. 16, 2012:

    “Hey all. I’m selling private ATS’s. Working and Tested.

    We got IT / DE / AT / UK / US / CO / NL / FR / AU

    Contact me for bank.

    can develop bank ATS from your choice.”

    The government alleges that Bx1/Bendelladj made millions selling SpyEye, SpyEye components and harvesting financial data from victims in his own SpyEye botnet. But Bx1 customers and associates on darkode.com expressed strong doubts about this claim, noting that someone who was making that kind of money would not blab or be as open about his activities as Bx1 apparently was.

    Darkode discusses Symlink’s arrest

    In my previous post on Bx1, I noted that he reached out to me on several occasions to brag about his botnet and to share information about his illicit activities. In one case, he even related a story about breaking into the networks of a rival ATS/web inject developer named Symlink. Bx1 said he told Symlink to expect a visit from the local cops if he didn’t pay Bx1 to keep his mouth shut. It’s not clear whether that story is true or if Symlink ever paid the money; in any case, Symlink was arrested on cybercrime charges in Oct. 2012 by authorities in Moldova.

    The redacted portions of the government indictment of Bendelladj are all references to Bx1’s partner — the author of the SpyEye Trojan and a malware developer known in the underground alternatively as “Gribodemon” and “Harderman.” In a conference call with reporters today, U.S. Attorney Sally Quillian Yates said the real name of the principal author of SpyEye was redacted from the indictment because he had not yet been arrested.

    Interestingly, several lengthy discussion threads on darkode.com show that Bx1 himself tried to warn fellow forum members that he had been approached by individuals either working for the FBI or acting as intermediaries for U.S. federal law enforcement.

    In another thread posted Jan. 21, 2011 and titled “Feds, Feds, Feds,” Bx1 pastes an excerpt from an online chat with an interloper who describes himself as an information broker who is seeking clues about the identities of Gribodemon and a hacker who went by the screen name “jam3s,” and who is suspected of leaking the source code to the ZeuS Trojan. In that thread, Bx1 urges fellow forum members to “double encrypt” their computer hard drives and to “make a contact with a good lawyer.” Most of the forum members simply dismiss Bx1 as paranoid.

    On Nov. 29, Bx1 posted an urgent thread on darkode.com titled, “FBI are after some members.”

    “I spoke today with a friend working on FBI. he said there is an operation to find some hackers, we spoke deeply and he mention darkode. so guys, please be careful.” [see screen shot below]

    If convicted, Bendelladj faces a maximum sentence of up to 30 years in prison on charges of conspiracy to commit wire and bank fraud, as well as sentences of five to 20 years for related charges. He also faces fines of up to $14 million.

    Bx1's profile page on darkode.com

  8. #8

    Re: Microsoft warns of new Trojan hijacking Facebook accounts


  9. #9

    Re: Microsoft warns of new Trojan hijacking Facebook accounts

    Facebook OAuth flaw allows gaining full control over any Facebook account

    Read more at: Facebook OAuth flaw allows gaining full control over any Facebook account | The Hacker News

  10. #10

    Re: Microsoft warns of new Trojan hijacking Facebook accounts

    siliconANGLE » Facebook Hacked Again: Only This Time, Anyone Can Do It
    Mike Wheatley | May 16th

    You might think that hacking Facebook accounts is something that only those with advanced technical skills would be able to do. After all, isn’t Facebook supposed to have all kinds of sophisticated security systems in place to protect users’ accounts?

    Yep, it sure does, but a group of researchers at Rutgers University have come across a new vulnerability that skirts around its security protocols and could potentially allow anyone – including those who lack any hacking skills whatsoever – to take control of an alarming number of Facebook accounts.

    The exploit, which is detailed in this research paper, will only work with accounts whose users signed up to Facebook using a Hotmail account which has since expired, but according to the researchers, that still leaves up to a million accounts at risk. The exploit takes advantage of the somewhat bizarre fact that Microsoft ‘retires’ Hotmail accounts after a period of 270 days of inactivity. Unlike with other email services such as Google and Yahoo however, it then allows anyone to sign up and use the old email address associated with the retired account.

    What this means, claim the researchers, is that anyone who signed up for Facebook using a since-expired Hotmail account can easily be hacked. All it takes is for someone to know that your old email account is available, sign up for it, and then send a forgotten password request to Facebook to gain access to your profile.

    Identifying Accounts Ripe For Picking

    Okay, so you’re probably thinking that it’s not a very big risk – after all, how are the hackers going to know your email address has expired in the first place? As it turns out, this information can be figured out quite easily because Microsoft unwittingly gives them the tools to do so.

    The method for discovering expired Hotmail accounts will only work for contacts on the hacker’s own Facebook profile (which is probably even more of a worry). Incredibly, all the hacker has to do is import his list of Facebook contacts to Microsoft’s Windows Live messenger service to find out which ones have expired Hotmail accounts:

    “The records in this imported list are categorized into two groups:

    1. People who are currently on Windows Live.
    2. People who are not currently on Windows Live.

    Membership in the first category signifies that the person in question has already signed up for the Windows Live service; besides, people having Hotmail accounts are automatically signed up for Windows Live. On the other hand, membership in the second category denotes that the person in question does not currently hold an active Windows Live account. Then, in case that person’s email is a Hotmail email address, we can safely conclude that this email address has expired. We can then proceed to reactivate it ourselves.”

    With control of their friend’s expired Hotmail account, it then becomes possible to reset their password and become the legitimate owner of their Facebook profile in a matter of seconds.

    The researchers then went ahead and put their theory into action – starting with one of their own accounts that had 760 friends, they found that four of these were susceptible to the exploit. Having gained control of these four accounts, the hackers then applied the same discovery process to each account’s list of Facebook contacts, ultimately taking control of 15 different accounts before abandoning their experiment citing ‘ethical concerns’.

    “We stopped our exploration after successfully gaining access to 15 accounts, which we thought sufficed to prove our point. We neither collected nor published any of the personal data we could access. Furthermore we did not change any other recovery settings. Thus, the compromised users could re-gain access to the account by using their cellphone number or answering their security question.”

    The researchers point out that neither Microsoft nor Facebook can be fully blamed for this exploit, but now it’s been made known, they need to take action to fix it. They argue that it’s ultimately Facebook’s responsibility to do so by providing alternative methods to reset passwords, for example, by using a combination of security questions and proof of knowledge about the account’s activities.

    [UPDATE]

    I’ve reached out to Facebook and a representative informed me that while it is possible to login to someone’s profile in this way, the vulnerability only affects a very small number of accounts. Moreover he points out that not only Facebook, but just about any kind of internet service could be hacked using this technique – Amazon, Twitter etc., if they were initially registered with a Hotmail account.

    To avoid any problems, Facebook suggests the following:

    “Users can keep themselves safe by remaining in control of their email account. It’s also important to note that we do remove email addresses that we believe to be abandoned, and even if a malicious user does manage to register an abandoned email account, we provide numerous recovery options for the victim. Additionally, we do offer other recovery options (e.g. SMS and Trusted Contacts), in keeping with best practices elsewhere on the web, we also offer an email recovery option.”

  11. #11

    Re: Microsoft warns of new Trojan hijacking Facebook accounts

