[SecurityRatty] tag: facebook

Forgot your password? may be weakest link in web security

Wed, 27 Aug 2008 09:27:57 +0000

Almost everyone forgets a Web site password once in a while. When you do, you click on the familiar Forgot your password? link. As an experiment, Thompson recently asked a few friends for permission to "hack" into their bank accounts. Using only information gathered from Web sites such as Facebook, he found his way in to each account within minutes

Facebook Malware Campaigns Rotating Tactics

Wed, 27 Aug 2008 06:04:51 +0000

Trust is vital, and coming up with ways to multiply the trust factor is crucial for a successful malware campaign spreading across social networks. Excluding the publicly available malware modules for spreading across popular social networking sites, using the presumably, already phished accounts for the foundation of the trust factor, the recent malware campaigns spreading across Facebook and Myspace are all about plain simple social engineering and a combination of tactics.

However, in between combining typosquatting and on purposely introducing longer subdomains impersonating a web application's directory structure, there are certain exceptions. Like this flash file hosted at ImageShack and spammed across Facebook profiles, which at a particular moment in the past few days used to redirect to client-side exploits served on behalf of a shady affiliate network that's apparently geolocating the campaigns based on where the visitors are coming from.

img228.imageshack .us/img228/3238/gameonit4.swf redirects to ermacysoffer .info - (216.52.184.243) and to tracking.profitsource .net (67.208.131.124) that's also responding to p223in.linktrust .com (67.208.131.124). Just for the record, we also have halifax-cnline.co.uk parked at 216.52.184.243, 69.64.145.229 and 69.64.145.229, known badware IPs related to previous fraudulent activity.

Moreover, cross-checking this campaign with another Facebook malware campaign enticing users to visit whitneyganykus.blogspot .com where a javascript obfuscation redirects to absvdfd87 .com and from there to the already known tracking.profitsource .net/redir.aspx?CID=9725&AFID=28836&DID=44292, and given that absvdfd87.com is parked at the now known 69.64.145.229, we have a decent smoking gun connecting the two campaigns.

Facebook is often advising that users stay away from weird URLs, does this mean ignoring ImageShack and Blogspot altogether? The next malware campaign could be taking advantage of DoubleClick and AdSense redirectors - for starters.

Facebook Worm Still Going Strong

Mon, 25 Aug 2008 05:57:04 +0000

A colleague of mine had a private message sent to them on Facebook yesterday from the account of a friend. The message is related (of course) to the recent Facebook worm:

Click the link, and you'll see something like this:

Click to Enlarge

Yes, it's Ye Olde Fake Codec installer, hosted on what appears to be a hacked website. As always, pay close attention to what you're being sent from your friends. If it doesn't seem like something they'd send you, that's probably because they didn't...

Pass It On!

Mon, 25 Aug 2008 04:33:50 +0000

Another day, another useless message being kicked around Facebook:

If you see this, please - ignore it and tell your friends off for sending it to others in the first place ;)

Dont click that link, think first.

Wed, 20 Aug 2008 21:15:43 +0000

If the links not from someone you trust, dont click it!

clipped from it.toolbox.com

New Social Malware hits the street

As social malware goes, this is a good delivery mechanism for getting people to click on links. Most of us have learned that clicking on links from people who you do not know is generally not a good idea. Spinning up the social aspect of malware delivery, using MySpace and Facebook friends should result in a better penetration of the malware because we are used to clicking on links from our friends.

Facebook Attacked By Viral Social Networking Spam From China

Wed, 20 Aug 2008 06:42:33 +0000

Websense Security Labs published a research of recent Facebook phishing email picked up by their “Honeyjax” system recently. Websense has been tracking various Facebook attacks for years, althoughh attacks on Facebook and MySpace in the last few weeks are nothing new. There have been continual, targeted Facebook attacks for some time now. The attack starts with [...]

Facebook faces class-action suit over Beacon

Tue, 12 Aug 2008 20:00:00 +0000

A class-action suit filed in California charges Facebook and a handful of other companies, including Blockbuster, Fandango and Overstock, with violating online privacy and computer fraud laws related to Facebook's controversial Beacon system.

Marketing Bot Allows Insertion of Custom Facebook Feed Messages

Mon, 11 Aug 2008 09:26:48 +0000

The Facebook News Feed is something that tells everyone on your friend list what both you (and everyone on your friend list) is doing, and it's the first thing you see when you login:

Click to Enlarge

Effectively, it takes bits and pieces of all the smaller feeds and rolls them into one. However, imagine instead of the above in your feed, you see something like this:

Click to Enlarge

Those are customised messages inserted into your feed - and there's a good chance everyone on your Friends list will see it on their own feed when they login to Facebook.

This would happen because someone has made a Bot for Facebook that allows you to insert your own custom message / image / clickable link into your Facebook feed. I've no idea if this is against the Facebook Terms of Service or not, but I can only imagine the chaos that would ensue if someone purchases this application then decides to use it for nefarious purposes. It's being promoted as a sales / marketing tool, but from a security standpoint it seems potentially disastrous.

If a bad actor buys their own Bot, imagine the Myspace-style spam campaigns that could take place...everything from malicious URLs to obnoxious flashing banners could be the order of the day. At the very least, one would hope the makers of this Bot have some quality control going on with regards Bot owners. More here.

/ Hat-tip to LoLo

FaceBook Under Massive Phishing Attack From China

Mon, 11 Aug 2008 04:20:01 +0000

Facebook is under attack with numerous phishing scams and it looks like the network effect is coming into full swing to allow the prolification of these scammers to spread virally. The worrying thing about these scams is that they are increasingly sophisticated.

Facebook stamps out malware attack

Fri, 08 Aug 2008 09:00:00 +0000

Facebook has blocked a malware attack targeting unsuspecting users via postings on the site's Wall feature.