ZDNet Must Read:

Microsoft confirms 'detailed' Windows 7 exploit

Microsoft has issued a security advisory to acknowledge a crippling denial-of-service flaw affecting its newest operating systems -- Windows 7 and Windows Server 2008 R2.... Continued »

Category: Facebook

October 27th, 2009

Malware ads served from Gizmodo

Posted by Ryan Naraine @ 10:04 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Facebook, Flash, Locally Running Web Servers, Malware, Passwords, Social Networking Applications, Spam and Phishing, Spyware and Adware

Tags: Advertisement, Blog, Malware, Gizmodo, Ryan Naraine

[ UPDATE: Dancho has more details on this attack ]

Popular gadget blog Gizmodo has acknowledged falling victim to an “elaborate scam” that served malicious ads for scareware (fake anti-virus) to its readers.

In an apology posted online, Gizmodo said its ad sales team was tricked into running malicious ads purporting to be from Suzuki. Read the rest of this entry »

October 27th, 2009

Facebook password-reset spam is Bredolab botnet attack

Posted by Ryan Naraine @ 8:27 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Facebook, Locally Running Web Servers, Malware, Microsoft, Passwords, Phishing, Social Networking Applications, Spam and Phishing, Spyware and Adware, Viruses and Worms

Tags: Facebook, Spam, Attack, Virus Hunter, Cyberthreats, E-mail, Identity Theft, Security, Viruses And Worms, Online Communications

Virus hunters are raising the alarm for a large-scale spam attack that uses fake Facebook password-reset messages to trick PC users into downloading a dangerous piece of malware.

The malicious executable is linked to the Bredolab botnet, which has been linked to massive spam runs and identity-theft related attacks. Read the rest of this entry »

October 14th, 2009

New Koobface campaign spoofs Adobe's Flash updater

Posted by Dancho Danchev @ 7:11 am

Categories: Adobe, Anti Virus, Botnets, Browsers, Facebook, Flash, Hackers, Malware, Passwords, Social Networking Applications, Web 2.0

Tags: Adobe Systems Inc., CAPTCHA, Facebook, Malware, Social Engineering, Koobface, Spyware, Adware & Malware, Cyberthreats, Security, Dancho Danchev

Earlier this week, the botnet masters behind the most efficient social engineering driven botnet, Koobface, launched a new campaign currently spreading across Facebook with a new template spoofing Adobe’s Flash updater embedded within a fake Youtube page.

The malware campaign is relying on compromised legitimate web sites, now representing 77% of malicious sites in general, and on hundreds of automatically registered Blogspot accounts with the CAPTCHA recognition process done on behalf of the users already infected by Koobface, compared to the gang’s previous reliance on commercial CAPTCHA recognition services.

Here are some of the most popular messages posted on Facebook for the time being:

Read the rest of this entry »

August 6th, 2009

Twitter knocked offline by DDoS attack; Koobface returns with a twist

Posted by Ryan Naraine @ 9:46 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Facebook, Flash, Malware, Punditocracy, Responsible disclosure, Social Networking Applications, Spam and Phishing, Viruses and Worms, Vulnerability research, Web 2.0

Tags: Kaspersky Lab, DOS, Twitter, Attack, Koobface, Security, Spyware, Adware & Malware, Cyberthreats, Ryan Naraine

Popular microblogging service Twitter was knocked offline for an extended period this morning by what appears to be a massive distributed denial-of-service attack.

Twitter confirmed the outage was linked to malicious attackers in a brief status message posted around 11:00 a.m. EST.
Read the rest of this entry »

August 4th, 2009

U.S. Marines ban Facebook, MySpace, Twitter

Posted by Ryan Naraine @ 10:17 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Facebook, Locally Running Web Servers, Malware, Passwords, Responsible disclosure, Social Networking Applications, Spam and Phishing, Spyware and Adware, Viruses and Worms, Zero-day attacks

Tags: Web, Facebook, Network, Twitter, MySpace, U.S. Marine Corps, Social Networking, Channel Management, Networking, Security

The U.S. Marine Corps has slapped an immediate ban on the use of social networking sites on its network, warning that sites like Facebook, MySpace and Twitter are a “proven haven for malicious hackers and content.”

The ban, contained in an order issued Monday, will last for a year.  It specifically mentions Facebook, Twitter and MySpace although it applies to what is described as “Web-based services that allows communities of people to share common interests.”

Read the rest of this entry »

July 7th, 2009

Koobface worm joins the Twittersphere

Posted by Dancho Danchev @ 2:00 pm

Categories: Anti Virus, Botnets, Browsers, Facebook, Hackers, Malware, Passwords, Social Networking Applications, Web 2.0

Tags: Worm, Twitter, Koobface, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Cybercriminals are experimenting with a new feature introduced in one of the latest Koobface variants - the ability of the worm to hijack the Twitter accounts of infected users and post tweets in an attempt to infect their followers.

According to researchers from TrendMicro, once the infected user attempts to log into Twitter, Koobface hijacks the session and posts a tweet on behalf of the user.

Would this novel feature allow the worm to spread even more efficiently? It largely depends on whether or not they’d remove the beta label from it, and go mainstream with the feature.

Read the rest of this entry »

May 15th, 2009

56th variant of the Koobface worm detected

Posted by Dancho Danchev @ 10:46 am

Categories: Anti Virus, Botnets, Browsers, Facebook, Hackers, Malware, Social Networking Applications, Web 2.0

Tags: Dancho Danchev, Malware, Social Engineering, Worm, MySpace, Koobface, Cyberthreats, Social Networking, Spyware, Adware & Malware, Web Site Development

Researchers from PandaLabs are reporting on the detection of the 56th variant of the Koobface worm (Boface.BJ.worm), spreading across Facebook, Tagged, Friendster, MySpace, MyYearBook, Fubar.com, Hi5 and Bebo since May, 2008.

According to the company, Koobface-related infections have grown by as much as 1,200% since the worm was first detected over a year ago, with almost 40% of the infections based in the U.S.; the growth trend is also confirmed by Microsoft’s Malware Protection Center.

Read the rest of this entry »

April 29th, 2009

Identity thieves take aim at Facebook users

Posted by Ryan Naraine @ 1:04 pm

Categories: Anti Virus, Browsers, Data theft, Exploit code, Facebook, Hackers, Passwords, Privacy, Social Networking Applications, Viruses and Worms

Tags: Facebook, Identity Thieve, Social Networking, Phishing, Security, Online Communications, Marketing, Advertising & Promotion, Spam And Phishing, Ryan Naraine

Identity thieves are currently launching a massive attack on Facebook, using fake log-in pages to hijack usernames and passwords.

The attackers are using Facebook’s mail system to send a one-line message luring users to “fbaction.net,” a site that clones the social networking site’s log-in screen.

Read the rest of this entry »

April 21st, 2009

Google's CAPTCHA experiment and the human factor

Posted by Dancho Danchev @ 4:00 am

Categories: Botnets, Browsers, Complex Attacks, Facebook, Hackers, Malware, Phishing, Social Networking Applications, Spam and Phishing, Viruses and Worms, Web 2.0, Web Applications

Tags: Security, Google Inc., GOOG, CAPTCHA, Grassroot, Crowdsourcing, Human-Based Computation, Dancho Danchev

Any research is prone to irrelevance if it starts with the wrong research questions, takes the wrong perspective, or in this case, attempts to fight the wrong enemy - automated bots attempting to recognize CAPTCHAs.

Researchers at Google recently released a paper detailing a new CAPTCHA system consisting of correct image rotation (Socially Adjusted CAPTCHAs) whose main purpose is to make it easier for humans, and much harder for bots, to recognize them. But with the emphasis of this and many other research papers on “bots vs CAPTCHAs”, the research overlooks a growing trend under which the new approach, if implemented, would actually make the new CAPTCHA much more efficiently abused than the previous one.

How come? Despite the persistent attempts by malware infected hosts to recognize CAPTCHAs, at the end of the day, a data entry team capable of solving 200,000 CAPTCHAs and charging $2 per 1000 entries ultimately drives the CAPTCHA solving economy.

Read the rest of this entry »

December 15th, 2008

Four XSS flaws hit Facebook

Posted by Dancho Danchev @ 12:02 pm

Categories: Anti Virus, Browsers, Facebook, Hackers, Malware, Passwords, Pen testing, Privacy, Social Networking Applications, Spyware and Adware, Web 2.0

Tags: Security, Facebook, XSS, Cross Site Scripting, Malicious Script, Malicious iFrame, Cookie Stealing, Dancho Danchev

Project XSSed, the clearing house for cross-site scripting flaws, has just released details on four flaws affecting Facebook’s developers page, iPhone login page and the new users registration page, potentially helping malicious attackers add more legitimacy to their campaigns. With yet another critical XSS flaw hitting Facebook in May of this year, what’s the potential exploitability of such flaws, if any, in the wake of the ongoing Koobface worm’s rounds across the social networking site?

Read the rest of this entry »

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
