
Forum DhammaCitta. Indonesian Buddhist Discussion Forum

Author Topic: Scary New Facebook Bugs Steal Money, Evade Anti-Virus  (Read 1704 times)

kullatiro
Scary New Facebook Bugs Steal Money, Evade Anti-Virus
« on: 09 June 2012, 11:53:06 PM »
Most pieces of Facebook malware are mere annoyances — survey scams that generate pennies at a time for the operators, or "like"-jacks that promote dubious products.

However, two new bugs may be harbingers of more serious malware to come.

The more immediately dangerous of the two uses a classic phishing email to direct users to rigged Facebook pages that harbor the SpyEye banking Trojan, a long-lived and very effective information stealer that infects Web browsers to hijack online banking sessions.

The other is a sophisticated clickjacker called LilyJade, which is spreading through Facebook as a worm and substitutes its own online ads in the place of legitimate ads on Facebook, Yahoo, YouTube, Google and other popular sites in order to generate cash for small-time cybercrooks.

The Flashback malware that infected 600,000 Macs in March made money through clickjacking, and a different piece of malware discovered last week that places ads on Wikipedia pages seems to operate the same way.

Working hard for your money

The SpyEye phishing email, forwarded to Sophos' Naked Security blog by a reader, pretends to be an official notification from Facebook telling the recipient that "we have received an account cancellation request from you." The email then asks the recipient to "follow the link below to confirm or cancel this request."

The link does go to a Facebook.com page, but not an official one. Instead, the visitor is asked to install an unknown Java-based application, and not given an option to decline.

Once the applet is installed, the user is then asked to "update" the Adobe Flash Player — which, in this case, is really a variant of the SpyEye banking Trojan.

Good anti-virus software will block the installation of SpyEye, as will common sense that tells users not to allow installation of unwanted applications.

Today clickjacking, tomorrow who knows?

LilyJade uses similar social-engineering tactics, claiming to be news about Justin Bieber being in a car crash. Once a user clicks the link, it uses a drive-by download to infect browsers.

At the moment, LilyJade is harmless to infected computers. But it's installed using a cybercriminal exploit kit and is written in a new programming framework called Crossrider that works equally well in Google Chrome, Microsoft Internet Explorer and Mozilla Firefox.

LilyJade's rapid spread and ease of infection won't go unnoticed for long by other malware creators.

"It is quite rare to analyze a malicious file written in the form of a cross-platform browser plugin. It is, however, even rarer to come across plugins created using cross-browser engines," wrote Kaspersky Lab security expert Sergey Golovanov in an English-language blog post today (May 21). (The Russian-language version was posted May 5.)

What's unusual about LilyJade, according to independent security researcher Brian Krebs, is that its creator, an Arizona hacker named Dru Mundorff, is openly selling it for $1,000 a copy on hacking forums, using his real name.

On the hacking forum, Mundorff claimed that LilyJade is invisible to anti-virus software, since in some cases it's just two lines of code pointing to an external site.

Facebook told Krebs it had already sent Mundorff a cease-and-desist letter, which Mundorff ignored. Mundorff told Krebs that LilyJade is in fact perfectly legal, thanks to a creative end-user license agreement.

"We're not forcing any users to be bypassed, exploited or anything like that," Mundorff told Krebs. "At that point, if they do agree, it will allow us to make posts on their wall through our system."

http://www.technewsdaily.com/4317-scary-facebook-malware.html

 
