Hackers steal 135,000 passwords from Vkontakte.ru visitors

Vkontakte.ru a highly popular social-networking website in Russia has been compromised with almost 135,000 passwords and logins stolen from its users.

Says Kaspersky Lab an anti-virus company in Russia, the Vkontakte.ru user data were hacked primarily through a fraudulent 'phishing' site. Users were diverted onto this site, which resembling the original Vkontakte.ru site, encouraged them to enter their account login details following the use of a contaminated program on the rogue site.

Furthermore, according to Mikhail Vasin spokesman of Kaspersky, the attackers disrupted the Vkontakte.ru computers via planting on them a Trojan virus, which altered their files that led to the enormous information theft. The Moscow Times reported this on August 4, 2009.

Besides, researchers at Trend Micro another security company also stated that they too uncovered the hoax edition of Vkontakte.ru, adding that visitors to this hoax site were in danger of divulging personal credentials for logging in to an unrelated party.

States Trend Micro that the notorious UkrTelegroup's fake DNS servers relate the domain name of www.vkontakte.ru to an unfamiliar IP address. Also these fake servers are under the control of highly prevalent DNS Changer trojans such as TROJ_DNSCHANG, which reconstruct DNS configurations on victims' computers to link them up with unfamiliar IP addresses.

Moreover, victims of DNS trojans are in real danger, as people behind the malicious DNS servers could divert them onto any website, putting them at risk of malicious URLs, fraudulent traffic or information theft.

Meanwhile, aside the leakage of personal information, visitors to the hoax www.vkontakte.ru site also find a window on their screen that touts another social-networking website named youdo.ru via a third-party site called youdoitnow.ru.

Notably, the online statistics portal Comscore.com reveals that Vkontakte.ru receives approximately 14.3m visitors each day i.e. twice the number for its nearest competitor Odnoklassniki.ru. Also, according to Comscore.com there are 35m registered users on the site.

Meanwhile, researchers at Kaspersky have said that users must look out for schemes that try to turn the data to their advantage, as miscreants could seek SMS messages from users, claiming account reactivation, but actually steal personal details like bank account number.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 8/20/2009