From the category archives:

Privacy And Security

Malware-Laden Chrome Extension Hijacks Facebook Profiles

March 26, 2012

Kaspersky Lab cautions about malware-laden Chrome extensions, that are being uploaded and hosted on Google’s Chrome Web Store.

chrme ext 300x139 Malware Laden Chrome Extension Hijacks Facebook ProfilesThe malware in question is  pretends to be a Flash Player installer but instead downloads a Trojan. Once installed, it takes control of a user’s Facebook profile and starts posting messages encouraging the victim’s friends to install the same extension. It also starts to automatically Like certain pages.

This, according to Fabio Assolini, is part of a pay-per-Like scheme that helps the attackers to cash in.

The attacks starts off as suggestions to download Facebook apps. The suggestions comes with messages saying your friends have also downloaded the same app.

This extension and its variants were found to be largely confined to Brazil and other Portuguese-speaking nations.

This trick is neither new nor specific to Chrome browser. However, it is easier for users to fall for it since the extension is distributed from trusted place like  the official Chrome Web store.

The extension was notified to Google and was duly removed. But, new variations of the extensions are being reportedly uploaded by the scammers on a regular basis.

So, users will have to use their best judgement and stay informed in order to stay safe from the millions of scams on the Internet that are doing the rounds.

Remember this for future reference. Adobe Flash Player is a plug-in and not an extension, and it is installed outside the browser.

{ 0 comments }

Cyber-Spies Tried to Harvest Information by Posing As NATO Commander

March 13, 2012

Cyber-spies allegedly based in China have been accused of targeting NATO’s top-ranking military commander using Facebook.

Attackers created fake accounts on the social networking site that appeared to belong to Admiral James Stavridis, Supreme Allied Commander Europe (Saceur) in a bid to harvest information from his friends.

Senior British Defence staffs are understood to have accepted ‘friend requests’ from the bogus account, according a report on The Telegraph UK.

Apparently, NATO is aware of the bogus accounts pretending to belong to Stavridis, but refused to divulge information regarding the people behind the attack. But, it is understood that the evidence points toward “state-sponsored individuals in China.”

The report says that although it is unlikely that any genuine military secrets were found, it is not known how much information was harvested, and any personal details could be used to create profiles of targets for blackmail or espionage.

Following the incident, NATO is said to have advised senior officers and officials to open their own social networking pages to prevent a repeat of the security breach.

The fake profile had been reportedly taken down by Facebook.

{ 1 comment }

You Can’t Change Your Facebook Theme to Pink

February 29, 2012

Do you know you can change the color of your Facebook from its traditional blue to pink?

Pink Facebook You Cant Change Your Facebook Theme to Pink

Well, this is what you might have or will come across on your feeds/network on Facebook. But, you can’t, so don’t fall for it.

Unfortunately, it looks like a lot of users are falling for it, and the scam is spreading fast on Facebook with post such as:

AWESOME!!!

HELLO PINK FACEBOOK!!! and Goodbye BLUE FACEBook!

Switch Your Facebook to 5 Different colors and themes here:

[LINK]

This is just another clever gimmick from scammers to coerce users into installing the app. Once installed, the app will be able to access the user’s account and spread the scam further by posting messages to lure you friends on your network.

As with most scam apps, users are taken through a series of steps and ultimately land them at an online survey page through which the scammers earn commission.

If you have already installed or given permission to the app, take some time to revoke the permission given to the app and remove any reference the app from your Timeline.

{ 0 comments }

Study: Facebook Users Getting More Privacy Aware

February 25, 2012

Are American Facebook users becoming decidedly unfriendly or are they becoming more privacy aware?

I believe it’s the latter. According to a report released Friday by Pew Internet & American Life Project, an increasing number of American social network users are managing their privacy settings and their online reputations by pruning their profiles.

The study found that:

  • 37% untagged photos, up from 30% in 2009
  • 44% deleted comments, up from 36^ in 2009
  • 63% unfriended someone, up from 56% in 2009

Other interesting findings of the study include:

  • Women are much more likely than men to restrict their profiles; 67% of women set their profiles to “friends only” while 48% of men did the same.
  • Regardless of gender, 58% of social network users say their profile is set to “friends only”, 19% to “friends of friends”, and 20% to “public”.
  • When it comes to managing privacy controls, half of the social networkers found it easy, 48% found it a bit difficult to manage. Only 2% of social media users describe privacy controls as “very difficult to manage”.
  • Young adults were more likely to delete unwanted comments than older people; 52% of users aged 18-29, 40% of those aged 30-40, and 34% of people aged 50-64 said they have deleted comments made on their profile by others.
  • Men are more likely to post something they later regret; 15 percent of male respondents said they posted something regrettable, compared to 8 percent of female respondents.
  • Agewise, it was the younger lot who were more likely to post something regrettable; 15 percent of the respondent aged 18-29 and 5 percent of people over 50 falls under the category.
  • The report found no significant differences in people’s basic privacy controls by age. The younger lots as well as their older counterparts were just as likely to use privacy controls, with figures standing at 62% and 58% respectively.

The study was based on Pew’s phone survey of 2,277 adults conducted in April and May 2011, and data from separate phone survey Pew conducted with teenagers and their parents.

{ 0 comments }

UK student gets 8 months for Facebook hack

February 18, 2012

A software development student from York, UK, who hacked into Facebook has been jailed for eight months yesterday.

Glenn Mangham, 26, admitted infiltrating the social networking site between April and May last year by impersonating an employee of the social networking site and hacked into three of its servers.

According to the Daily Mail UK, he downloaded ‘highly sensitive intellectual property’ including valuable computer ‘code’ sparking panic and fear among American authorities, including the FBI, of industrial espionage.

Prosecutors described the hack as the most serious case of social media hacking ever brought before the country’s courts, and added that his actions could have brought down the whole enterprise. Facebook reportedly spent $200,000 (£126,400) dealing with his crime.

Mangham told police he was looking for a ‘mini project; when the targeted the site. He first hacked into the puzzle server, which sets tests for potential employees. He reportedly uploaded his own programs to the server.

He then hacked and hijacked the account of employee Stefan Parker after bypassing security and reset his password. Using the details, he than accessed the ‘mailman server’ and the ‘phabricator server’ which is said to contain the sites’ most sensitive intellectual property.

He told the court that his intend was to identify and compile the vulnerabilities in the systems and then bundle off to Facebook and show them what was wrong.

{ 0 comments }

Infographics: Know Your Enemies Online

February 15, 2012

Today there are millions of websites that carter to the needs of web users. Millions of users go online every second to shop, learn, socialize, communicate, learn, and chill out from the comforts of their chair.

However, internet isn’t exactly the safest place to be if you are not one of those people who care about privacy and security and keep updated with information.

There are many crafty people out there who are online just for the sake of duping other and making quick money. And these people could easily become your virtual neighbour with a click of the mouse.

Trend Micro released an inforgraphic titled, “Know Your Enemies online” that shows how these cyber crooks go about doing what they do, as well as how much they make from the stolen data.

Click on the screen shot below to view the full infographic.

Know your online enemies infographics Infographics: Know Your Enemies Online

“Make no mistake about it: cybercriminals are out there lurking around your online neighborhood. They may pretend to be a trusted contact, a well-known vendor, or even a new friend you made online,” cautioned Gelo Abendan.

He stressed that every netizen should know who they are dealing with, and by doing so they are already protecting themselves from becoming a victim of cybercrime.

{ 0 comments }

Stolen Facebook, Twitter Login Credentials On Sale

February 10, 2012

Cybercriminals are selling bulk log-in credentials of social networking sites Facebook and Twitter, and web server management software cPanel.

Security company Trusteer says it has discovered evidence of “factory outlets” where the information are being put up for sale at wholesale rate using underworld advertisements. The information were also available in country-specific batches at $30 a log-in.

Login credentials of financial sites are more valuable to most cybercriminals. The information is harvested by infecting systems with Trojans such as Zeus or SpyEye. These malwares also captures the login credentials used on the victim’s machine to access other websites, in addition to online banking credentials.

To monetize the login credentials that pile up, fraudsters have started setting up “Factory Outlets” to sell them off,” Amit Klein, Trusteer’s chief technical officer, wrote in a blog.

He stress that the offering of cPanel credentials was particularly worrisome.

Fraudsters can use the account logins for web hosting admin system like cPanel to hijack a website and “plant malicious codes on these sites … that can exploit browser vulnerabilities and infect machines through drive-by-downloads.” The next step, in common practice, would be to “lure victims to the site through phishing emails and social network messages,” infecting the victims machines to carry out attacks and start over the vicious cycle.

Having access to bulk social network accounts can also be used for spamming and spreading scams on the sites.

This latest development provides a window into the vast cybercrime aftermarket that has risen up on the internet and been made possible by sophisticated malware. Whether it’s bulk drive-by download infections, bulk login credentials, pre-built web-injects, etc., criminals today have an unprecedented arsenal of tools at their disposal to attack banks and enterprises,” Amit wrote.

Facebook officials told Trusteer that it actively detects known malware on users’ devices and validates every login to the site to check for malicious activity.

{ 0 comments }