Hackers Phish on Facebook Profiles

As never before hackers are now targeting Facebook, the popular networking site, which has faced its first major security breach. The attackers have been mining users' passwords and other login details using a new phishing scam.

Users who entered their login details found unusual content on their page appearing from a friend after which an apparently real Facebook link showed up. Wired News reported this on January 3, 2007. But the link led the user to a false Facebook page tracing to a .cn domain of Chinese origin. While the user logs onto Facebook on that page, it keeps a duplicate of the visitor's username and password.

On January 2, 2007, some Facebook members while checking their user accounts found unexpected messages posted on their page seeming to appear from a friend with an apparently legitimate Facebook link following. One Facebook member noticed that the URL address on his page had the domain name as '371233.cn' that made him suspicious. The tactic is a high-level phishing scam as the link poses to arrive from a legitimate person, here the user's friend.

Independently working Security Consultant Dancho Danchev said that hackers possibly harvested large number of accounts to embed malicious code that spreads infection to any visitor to the infected page. Wired News published this on January 3, 2008.

According to Danchev, if the hackers use a domain like phisher.cn, they need to canvass it so that people know about the domain, visit it and subsequently get infected. Conversely, if the attackers gain access to users' profiles where the users are sure to return, the task of infection becomes much easier.

Danchev said that he has been locating scammers who were registering to similar .cn domains to attack user accounts of MySpace. The purpose is usual - that of making money either by embedding the malicious code or selling the account details to someone else, he said.

He also said that the hacked profiles are being used to host malicious Trojan horses, for e.g., keyloggers designed to steal credit card numbers and banking passwords. They could even be used to send malware or spam out e-mails.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 1/15/2008