New Trojan Kit Steals Facebook Details

Researchers at security firm BitDefender have detected a new do-it-yourself kit created to produce customized trojans that pilfer Facebook login details, passwords stored inside browsers and even VPN credentials.

The kit is termed as "Facebook Hacker" and it is very easy to configure, just like any do-it-yourself tool crafted with the 'skiddie' [script kiddie] in mind.

According to the reports, Facebook hackers send other users an executable file (.exe) that (on clicking) will hack their log-in credentials and secretly e-mail it again to the sender. Unlike other programs that secretly observe keystrokes to steal critical information, passwords and other details, this one does not ask the victim to type anything at all.

Besides, the program looks for any usernames and passwords saved by the web browser. This implies that e-mail and other website information could be stolen as well.
There are predefined settings for Hotmail and Gmail. There is the option to change the default file name or have the Trojan display a forged message. The kit is probably easy to use, but the malware has a high level of sophistication.

It has a hardcoded list of anti-virus and network monitoring products which are blocked if they are found running on the victim's system.

Paul Ducklin, Asia Pacific Head of Technology at Sophos, states that the best solution to this problem is to disable the features of auto-remember or auto-complete in all programs such as web browser, as per the reports by news.com.au on August 18, 2010.

Meanwhile, security experts state that scams spreading through Facebook and hacks attacking the social networking website are hampering the security of people's private data and several users are victimized.

Presently, Facebook is facing many other concerns within- the 'like' button which (on clicking) signs the user as a fan and further promotes it to all their other friends, the bait-and-switch scam and the latest 'install dislike button' that exploits the user's profile.

Ducklin further adds that the Web is a fun but that does not imply that the user become careless. Ducklin said - security appears to be an persistent issue; people have to be both responsible and wise.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 8/25/2010