Fresh Trojan Tricks Facebook Members into Giving Away Account Details and Cash

A Trojan called Carberp created for filching banking details was recently circulating online, with its latest version customized for stealing voucher numbers from the e-money network, Ukash along with additional sensitive data published softpedia dated January 18, 2012.

Reportedly, by deceiving consumers so they'd open malware-loaded Excel/PDF files, Carberp managed to contaminate computers. Alternatively it launched drive-by download assaults on the target PCs.

In addition, according to Trusteer, Carberp posted a phony web-page onto Facebook accounts replacing the one which the accountholders accessed to inform them that their Facebook accounts had been 'tentatively locked.'

However, the accounts could be resumed once the users confirmed their identity via providing their names, passwords, birth-dates, e-mail ids and thereafter a EUR20 worth Ukash voucher's number.

Thus, the users, in addition to giving away the details of their Facebook accounts, handed over certain cash as well. Meanwhile, for arousing less suspicion, the replaced web-page assured the consumers that the cash had been included into their account balances.

Moreover, as per Trusteer, its data didn't provide concrete proof as to the number of the social network's users who might've been targeted with the new assault. However, it cautioned consumers, especially if they had e-cash accounts, towards remaining vigilant about the said scam along with its accompanying frauds that might ensnare the unwary without difficulty.

CTO Amit Klein of Trusteer remarked that the method used for the scam was pretty effective. He reminded that the victim received one genuine-looking message related to an authentic, purposeful log-in page for Facebook. Expectedly, end-users fell for it, given their trust maximal for its content, and divulged private details as also followed additional directions, Klein analyzed. TheRegister published this on January 18, 2012.

Meanwhile, as more-and-more of e-cash accounts got created, the related assaults would increase too, Trusteer forecasted, adding that Facebook and the like facilitated online-criminals with plentiful users who could be easily victimized through tricks that made them reveal secret account details.

Hence, experts advised treating unusual requests with suspicion despite them originating out of trustworthy Internet sites. Besides, browser-based security software must be used for making interaction among PCs and destination URLs, safe.

Related article: Fark.com Files Suit against Suspected Hacker from Fox13

» SPAMfighter News - 1/24/2012