Malicious Phishing Attack Targets Facebook
Security researchers at the security firm 'Kaspersky' have recently unveiled a Facebook phishing attack that is apparently exploiting the much-admired chat feature of this social networking website.
Enlightening the recent malicious attack, Kaspersky elaborated that a computer worm propagates through Facebook instant messenger; similar to various other Facebook worms.
The fake message says: "Is this you?". The fake message is enclosed with a link to the malicious Facebook application. This Facebook application is quite simple and it uploads fresh content into an iFrame. The page uploaded within the iFrame is a simple phishing website that asks users for their Facebook login credentials so as to enable users view some fresh content.
David Jacoby (Kaspersky researcher), who detected the computer worm was inquisitive and poked around the server to gain access over some general directories so that he could gain some further information regarding the computer worm's activity, and he discovered that one was having the Apache (web server) access logs (details of total visits and visitors and requests that have used the Apache web server).
According to the researcher, this log indicated towards a frequently queried file named acc.txt.
Jacoby highlighted that, he downloaded acc.txt and noticed that the file had stolen accounts. He noticed in the first version of acc.txt, which he downloaded that the attacker had gathered more than 3000 accounts, as reported by Softpedia on October 26, 2010. He further stated that, he downloaded the acc.txt within a five minutes gap and after 20 minutes he noticed that the number of stolen accounts increased from 3000 to above 6000.
The hacked login credentials were probably utilized through automatic scripts to send extra Facebook chat spam and expand the attack's penetration.
Distressingly, these recent attacks have shown that despite their uncomplex technique they have managed to penetrate the social networking environment with their effective designs.
Luckily, Facebook's Security team was cautioned by Jacoby and they (Facebook) immediately removed the malicious webpage. Facebook also managed to reset the passwords on the hacked accounts.
Finally, users who feel that their accounts have been hacked are suggested to reset their passwords and to end any active session that can be found in the account security section in the account settings.
Related article: Malicious Scripts with Zero-byte Padding can Pass Undetected
» SPAMfighter News - 05-11-2010