Facebook phishing worm compromises thousands of accounts

A very effective phishing worm has been targeting Facebook users and has been compromising their accounts by luring them with the offer of seeing a video.

The victim would receive an instant message from a contact asking “Is this you?” and supposedly offering a link to the video, but actually providing a link to a malicious Facebook application which loads a phishing page into an iframe.


The Kaspersky researcher who spotted the worm was curious and poked around the server, trying some common directories to discover more information about the worm’s activity, and found one containing Apache access logs.

“When analyzing the content of the log file I saw that someone was trying to access a file named acc.txt,” says the researcher. “I downloaded acc.txt and saw that the file contained stolen accounts: in the first version of acc.txt which I downloaded I saw that the attacker had collected over 3000 accounts! I downloaded the acc.txt at 5-minute intervals, and within 20 minutes, the number of stolen accounts went from 3000 to over 6000.”

He immediately notified Facebook, and the malicious page was taken down. Users who think their account has been compromised are advised to change their passwords and to terminate any active session that might be found in the Account Security section in the Account Settings.

http://www.net-security.org/malware_news.php?id=1511&utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29


Posted November 2, 2010 by axxerainc in Uncategorized
