
The SpywareGuide Greynets Blog


May 13, 2008

  • First Time For Everything

As you might imagine, I'm registered on a lot of social networking sites - a lot of the time, just to see what's coming through in terms of hijacks, adverts, scams etc. I've been registered on Wayn.com for a long time, but never seen anything strange come through. Until this morning, that is, when I found out I had a message waiting from Janet Jackson.

As you do.

baham1.jpg

Something tells me this isn't Janet inviting me to sing with her at the next Superbowl...

http://blog.spywareguide.com/upload/2008/05/baham2-thumb.jpg

....whoops. I doubt this is the start of an endless barrage of ringtone spam and free iPods, but it'll be interesting to see if I get anything else like this. Have spammers worked out a way to game Wayn? Have I just been lucky so far? Or have they only just started targeting the site? No idea. I'm still up for singing at the Superbowl though...

May 02, 2008

  • Pinont.com - No Need To Panic

There have been a few discussions on security lists and forums regarding a wave of spam comments on Facebook that (for the most part) mention a site called Pinont.com. There were some theories that this might be some kind of worm attack - however, one of my researchers told me last night that a relative was apparently phished and (not long after) comments such as these started appearing from the relative's account:

fbfsh.JPG

As the title states, no need to panic - it's highly unlikely this is anything other than somebody harvesting accounts the old-fashioned way then promoting an endless deluge of pill websites. Yes, Phishing sucks - but for now, it doesn't look like Pinont.com is the Herald of the End of Days or anything equally dramatic.

May 01, 2008

  • The Spectre Of Rogue Facebook Applications, Back Once More

In January, everything went a little crazy because of a Facebook application that (if you believed the hype) force installed Zango, hijacked your PC, set fire to your house, killed your pets.....well, you get the idea. In actual fact, the truth of the matter was a little more convoluted. All I could see was that this application opened up a popup, which (every now and again) would just happen to be an advert for Zango. Hardly Earth shattering, but of course it did switch people on to the fact that they needed to be careful which applications they gave permission to access their data while on Facebook.

Well, a few months on and it looks like the BBC had a coder create an application (in three hours or less) that could swipe a whole pile of data on both you and your friends, before mailing it back home to base. I can't stress enough - when it comes to social networking sites, NEVER post anything you wouldn't feel comfortable posting on an otherwise open and accessible site such as your blog, personal website, whatever. I have pages on Myspace, Facebook, Orkut and a whole bunch of others - and there is NOTHING on them that you couldn't find elsewhere. There is no hidden treasure trove of data to mine, and so I don't care what happens to it because it's all out there in the public domain anyway. This is what I've been telling people for the longest time, and it works.

A few days ago, I talked about the oddly intrusive chat attack I experienced, and how FaceTime products can control / lock down / fire into orbit Facebook applications where necessary. To date, there haven't been any applications out there that have gone in and done all sorts of horrible and malicious things to end-users on Facebook. Personally, I've been more concerned about applications that allow people to post a seemingly endless and imaginative array of body parts in various comical situations. Nobody really wants that all over their desktop in a regular workplace environment, right? However, this seems to me to be a warning shot of sorts - a warning that we not only need to consider locking down applications that cause annoyance and embarrassment, but also to keep an ear to the ground as we await the inevitable arrival of the "I BREAK STUFF" application.

Coming soon to a Web 2.0 site near you...

March 14, 2008

  • The Latest Facebook Chain Letter

Observed being fired around via mail, private message, posted directly onto profile pages....

chainletters.gif

An emotional plea from the heart, except that there's no mention of how this works, how anyone is tracking the number of messages sent through Facebook and turning it into money, where it's donated to, why it's talking about "Email" when it's actually being posted onto FunWall applications on Facebook...etc.

Here's another chain letter observed in November - I wonder how many more are out there?

March 05, 2008

  • A Blast From The Past Appears On Facebook

Just a quick note to mention that I've seen this floating around various Facebook pages (usually in the comments sections of profile pages):

altf4.gif

I should stress, there's no indication of this being posted as a result of an infection or anything like that, but it does seem curious that people would start randomly posting the above on their friends' pages, even if doing such a thing was funny, oh, about five years ago.

For those who don't know what pressing ALT + F4 does, here you go.

January 28, 2008

  • Do It Yourself Phishing for Social Networks And Webmail

Every now and again, I see something interesting pop up on Myspace and decide to take a closer look - as you might have guessed, this is one of those occasions. There I was, trawling through some Myspace groups when I happened to see this....

emlspm00.jpg

Check out the site from 2006 courtesy of Internet Archive - it's fair to say these guys could do with a few pointers on interior decor:

http://blog.spywareguide.com/upload/2008/01/emlspm000-thumb.jpg

...if someone asked a toy company to design a hacking site, that might be what they come up with. I guess they realised this too, because if you go there now...

http://blog.spywareguide.com/upload/2008/01/emlspm0000-thumb.jpg

Ooh, scary! Shall we take a look around their "Hackyard"? As you might have guessed, there's not a lot here that would fall under the banner of "ethical hacking", despite their claims on the frontpage. Inside is a collection of (frankly awful) forums, news articles and some other bits and pieces that fail to attract any attention. However...

emlspm101.jpg

"MSN / Hotmail hacking page"? Nice. Click the link, and you're given a number of options to choose from:

http://blog.spywareguide.com/upload/2008/01/emlspm0-thumb.jpg

Hotmail, Yahoo, Myspace, Orkut, hi5 and Facebook are all listed. Select your chosen target, and you'll be presented with a custom-built drop down menu:

emlspm10.jpg

Select the "E-Card" of your choice, enter the Email address of your victim then hit generate - you'll be presented with auto-generated text for your email:

http://blog.spywareguide.com/upload/2008/01/emlspm2-thumb.jpg

At this point, cut and paste the text into your own mail, send it to your target and wait. Depending on the service you chose to "attack", the recipient might see something like the above, or something like this:

emlspm4.jpg

When they click the link, the target is redirected to another domain - of course, they'll be presented with something relevant to the service you're trying to "hack":

http://blog.spywareguide.com/upload/2008/01/emlspm3-thumb.jpg

Phish pages ahoy! They have a number of these all sitting on the same domain:

http://blog.spywareguide.com/upload/2008/01/emlspm6-thumb.jpg

Here's a fake Hotmail login:

http://blog.spywareguide.com/upload/2008/01/emlspm20-thumb.jpg

...and a fake Myspace:

http://blog.spywareguide.com/upload/2008/01/emlspm22-thumb.jpg

The good news is, the domain is flagged as a known Phish host when visiting in Internet Explorer:

http://blog.spywareguide.com/upload/2008/01/emlspm23-thumb.jpg

But wait, I hear you say. How do you get your hands on the phished user details? Well, here comes the clever part. The stolen login details are handily posted to the top of your login screen on Hothackerclub.com:

http://blog.spywareguide.com/upload/2008/01/emlspm11117-thumb.jpg

Note that it tells you numerous pieces of information including number of accounts stolen, the date you did it and the type of service account compromised so the budding hacker can keep a nice running total of their exploits.

So, who runs these sites? Well, Hothackerclub.com is anonymous - however, it looks like someone slipped up with regard to the registration for the site hosting the phish pages:

"Registrant:
Digital Studio
47-Tufail Road Cantt Lahore
Lahore, Other 54000
PK

Domain name: GREETING4LL.COM

Administrative Contact:
Sulahria, Muhammad Yousaf yousaf2k@gmail.com
47-Tufail Road Cantt Lahore
Lahore, Other 54000
PK
+92.3334112402 Fax: +92.3334112402"

Of course, "Muhammad Yousaf" is the individual who first posted to Myspace.

Be wary of anything Emailed to you that requires you to login to any of the sites mentioned above - if in doubt, right click the live link in the Email and check what domain it points to. Otherwise, you might end up on a hacker's rapidly growing trophy list...

December 12, 2007

  • Too Much, Too Soon?

There's a lot of new social networking sites out there nowadays, with new ones popping up all the time. Not so long ago, Zubby.com was launched with the following message from founder Randy Zlobec:

"Although it's obviously a great success, I think the problem with MySpace is the amount of advertising it has given itself over to," Zlobec states when asked why he started Zubby.com. "Many of my friends have a MySpace account and the one thing we all agree on is the frustration of logging on to find out you have 30 new messages from people you don't know, trying to sell you a magic pill or similar! Also, there are all the adverts that take up all your page space, not to mention the amount of times accounts have been hacked. With Zubby, we aim to change all that and more."

As I was one of the first people to register there, I've seen emails get fired out regarding what's going on in the network, and it seems that as time goes by, Zubby has to sadly face facts - eventually, all the problems that plagued someone else come and plague you, too.

Here's a mail from the 27th of November:

http://blog.spywareguide.com/upload/2007/12/27th-november-thumb.jpg

....a simple warning about placement of adverts. And then, a few days later, another message entitled "First member banned from Zubby.com":

http://blog.spywareguide.com/upload/2007/12/30th-november-thumb.jpg

...does this sound like a miniaturized version of Myspace yet? Then, on the Second of December, we have a mini spam invasion on the network:

http://blog.spywareguide.com/upload/2007/12/2nd-december-thumb.jpg

....it doesn't take long for the bad guys to start exploiting the system, does it? Eventually, it really is a case of too much, too soon and on the 11th of December, they haven't anticipated exactly how many people were going to register on the site:

http://blog.spywareguide.com/upload/2007/12/11th-december-thumb.jpg

Whoops.

I'm already starting to sink in an Ocean of "30 messages from people I don't know", and friend invites from people called "Cash" and "UProfit" who have profiles like this:

http://blog.spywareguide.com/upload/2007/12/cashcrate-thumb.jpg

....with not a lot else on them but gigantic pictures of cheques and endless promises regarding how much money you're going to make.

It seems the sad reality is that for anyone running a social networking site, any and all attempts to avoid incidents such as the above are totally, and utterly, doomed to failure. Am I being too negative here? Or is that a fair assessment of these sites?


© Copyright 2006, FaceTime Communications, Inc. All rights reserved.