Continue reading »]]> Facebook is more popular than ever. The site frequently goes through changes, but how many people use the same schedule of improvements on their own profile? The new features added to Facebook are opening new windows for vulnerability. A compromised account is a backdoor to more serious attacks on email or banking.

Today I will show you 10 things you should stop doing on Facebook in order to take back your security and close the open door.

-Stop posting your phone numbers. Last week I explored a Facebook attack that harvests the phonebook feature. Remember that your number is exposed to your friends, and therefore you’re relying on their security practices as well as your own to protect you. If a phisher can spoof your number, they have an extra layer of authenticity in convincing your friends you are in trouble and need money fast.

-Put down the games. I know the Mafia can’t take Cuba without you, but it’s time to stop. The top games on Facebook have been hacked, and it’s just a matter of time before the one you play is next. It’s arguable that the damage is already done with the games and applications you’ve already allowed, but don’t sign up for any new ones! Third party apps are not guaranteed to be secure, and you should not trust them with your credentials.

-Don’t trust chat. It shouldn’t take Chris Hansen to tell everyone that the person on the other end of your chat session could be anyone. The chat feature on Facebook should be treated as a public conversation. Never give out any private information, even if you’re positive you are talking to your friend.

-Refresh your personal info. Take a fresh look at your profile from the perspective of a social engineer. Does your profile tell a story about you? What information can you cut out? Many security questions ask about personal details about primary school and pets. Delete any photos or profile details that may relate to those kinds of questions.

-Don’t use the lazy emails. Facebook will fill your email inbox with notifications, and the links to easily respond. Instead of following the links in email, open up a fresh tab and go to facebook.com directly. Facebook and most social networks are targets for email spoofing. Otherwise you’ll be entering your login password at facebock.com!

-Don’t friend acquaintances. Think of the friends list as a circle of trust. If you don’t know the person well enough to trust their
security savvy, than you’re very unlikely to recognize the behavior of a phisher pretending to be them. 500 friends means 500 possible inroads to a social engineering or phishing attack. Tone down the number.

-Don’t keep an old password! Changing your password short circuits many trivial forms of attack. Facebook is a high risk target for Identity Theft, especially if you’re using applications frequently. How about doing it now!

-Photos are forever. Make it clear to your friends and family that you do not want those pictures of you in your birthday suit on anyone’s profile. (As opposed to the one of you in a suit on your birthday!) Pictures give behavioral information to an attacker. Bruce Schneier calls this “incidental data” in his Taxonomy of Social Networking Data. There he makes the assumption that incidental data is information that you did not create about yourself, and therefore do not control. I would add that although much of it is outside your control, there are ways to influence your friend’s posting behavior overall. Also, Facebook gives users the ability to “untag” themselves in pictures. While the damage is already done in the short term, you’ve influenced long term vulnerability.

-Don’t forget @mentions. This new feature brings more incidental data. Be respectful of your neighbor’s privacy. Ask yourself if having a friend’s entire profile pinned to your comment like a big arrow is actually necessary for the joke to be funny.

-Don’t trust other websites. Facebook is everywhere now. The same trust rules apply to the Facebook Login feature that is spreading to other websites. If you don’t trust the website you’re on, then signing in with the Facebook credential does not give you an added layer of protection, but rather hands your password to strangers.

This list may seem counterproductive to the efforts Facebook makes to create a global connected community. While I am interested in being a part of such a community, I go into it with eyes open. Just like wearing a wallet belt when I go to huge tourist destinations, I want to be smart about visiting the hugely popular social networking sites online. It may not be the coolest thing to do, but in the end I found that my friends didn’t even notice I had taken these safety precautions. Now the camera bag I stuffed in my shirt… that was a different matter.

Original source:
http://erratasec.blogspot.com/2009/11/10-facebook-donts.html

Continue reading »]]> In their latest “Weekly Threat report”,VeriSign’s iDefense Intelligence Operations Team has profiled the underground market proposition of someone claiming to have 1.5 million compromised Facebook accounts available for sale.

The pricing method is based on the number of contacts per compromised account, presumably with the idea to allow easier spreading of related malicious content across Facebook.

Here’s an excerpt from the report, and a brief FAQ on the underground ad.

• “On Feb. 10, 2010, (cybercriminal) stated that he or she is selling 1.5 million compromised Facebook accounts, in bulk quantities, belonging to users in various countries. The price per 1,000 accounts varies based upon the number of friends and contacts that each account possesses. For a purchase of compromised accounts containing 10 contacts or fewer, a buyer must pay $25 per 1,000 accounts. A purchase of compromised accounts containing 10 or more contacts requires a buyer to pay $45 per 1,000 accounts. Accounts containing zero contacts are also available for bulk purchasing from (cybercriminal), at the cost of $15 per 1,000 accounts. The prices of these accounts are presumably in USD or the equivalent amount in some form of electronic currency.”

Sometimes, there’s no honor among cybercriminals (Phishers increasingly scamming other phishers), just like there isn’t among “real life” thieves.

From the distribution of backdoored web interfaces to web malware exploitation kits, to the actual “binding” of additional malware to the original release, sophisticated or at least cybercriminals with experience, have realized that there are thousands of potential cybercriminals that could unknowingly start working for them. The process of “cybercriminals attempting to scam novice cybercriminals” demonstrates just how vibrant the ecosystem has become these days.

With a huge percentage of the underground marketplace driven by reputation, this is exactly what this particular seller of Facebook data is missing. Moreover, with quality assurance now an inseparable part of the cybercrime ecosystem, the seller is not just skipping the time frame in between which the accounts were compromised, he is also not mentioning have many of them are actually verified as working.

These, and several other factors make me skeptical on the quality of this underground proposition.

If we consider that the cybercriminal’s claims to be true, how did he manage to obtain 1.5 million Facebook accounts?

The ad is clearly stating that they are accounts with contacts, meaning they’re compromised, and other which have zero contacts, meaning they’ve been automatically generated by outsourcing the CAPTCHA-solving process to international teams specializing in the process.

The compromised accounts could have been obtained through the emerging Cybercrime-as-a-Service (CaaS) market model. For instance, if he has paid $100 for 3GB of raw crimeware data, and the data mining allowed him to compile a list of 1.5m Facebook accounts, based on the current price, he’ll automatically break-even.

Phishing campaigns shouldn’t be excluded as a possibility, however, it remains unclear whether the seller has launched them personally, or managed to purchase the raw data from someone else.

What kind of a business model within the cybercrime ecosystem would allow him to sell the data so cheaply, and still make a profit?

It’s a business model with an ever-decreasing cost of supply, based on the currently active “malicious economies of scale” phrase. This efficiency-driven cybercrime model is in fact so successful, that whether consciously or subconsciously, cybercriminals are realizing the basics of market liquidity, and the time value of “underground goods”, in particular the decreasing future value of assets like the Facebook accounts — the value becomes zero when the affected user changes his password from a malware-free host.

Why would a cybercriminal want access to your Facebook account?

For a variety of fraudulent reasons, all of them exploiting the already established trust relationship between the compromised account’s holder and his network of friends.

From “money transfer schemes” where the fraudster is supposedly stuck somewhere and requires cash, to a malware campaign relying on nothing else but a status message leading to a client-side exploits serving site. Your network of friends, turns into his network for propagation of fraudulent/malicious schemes and campaigns.

VeriSign’s iDefense also makes an interesting observation.

With Facebook’s user base growing to 300 million people across the globe, this indispensable marketing platform can be easily integrated into the cybercriminal’s arsenal, with localized and targeted social engineering attacks relying on basic market segmentation, launched with the idea to achieve a higher conversion rate, compared to mass marketing approaches.

Fact or fiction, based on the ad’s content, this is perhaps the perfect time to change your Facebook password from a malware-free host, since a strong password is just as weak as the weak one in general if there’s malicious code present on the system.

Written By : Dancho Danchev

Continue reading »]]> There is a new facebook application doing the rounds by the name of Photas, it will say that a frnd of urs commented on a photo of you, and when u try to check the photo, it will take u to this page: http://www.facebook.com/apps/application.php?id=448829670716 , goign there will send this trojan to all your friends and thus spread exponentially.
Do not fall for this.

In General, dont take everything for granted on sites like facebook etc, look before you add apps, u may never know what you might give away.

Forward this to your friends so that they also dont fall for this.

Continue reading »]]> SYDNEY: Who says you can’t buy friends? An Australian online marketing company is selling friends and fans to Facebook members after offering a
similar service to Twitter users.

Advertising, marketing and promoting company uSocial (usocial.net) said it was targeting social networking sites because of their huge advertising potential.

“Facebook is an extremely effective marketing tool,” Leon Hill, uSocial CEO, said in a statement.

“The simple fact is that with a large following on Facebook, you have an instant and targeted group of people you can contact and promote whatever it is you want to promote,” he added.

“The only problem is that it can be extremely difficult to achieve such a following, which is where we come in.

The company offers packages for Facebook, the world’s number one social networking site, that start at 1,000 friends up to 10,000 friends at costs ranging from $177 to $1,167.

Facebook is now the world’s fourth-most visited website.

The company, which counts venture capitalist Peter Thiel, Accel Partners, Microsoft Corp and Russian Internet investment firm Digital Sky Technologies among its investors, has more than 250 million registered users.

But uSocial’s packages are not without controversy. According to some Australian websites, Twitter tried to shut uSocial down, accusing it of spamming members, while the Los Angeles Times reported that Digg.com, a website where people vote for their top news stories or websites, has also tried to shut down uSocial because it sells votes.

Continue reading »]]> What is Koobface?

Koobface is a malicious executable program that is commonly installed without user consent or knowledge. Koobface can be installed by itself or bundled with other infections. Koobface will often display frequent advertisements for bogus products or programs. The presence of Koobface can cause sluggish system performance, system freezes and/or crashes. Eventual system failure and blue screen could also be caused by Koobface. Koobface is not known to replicate itself at the time of this publication.How do I remove Koobface?

This Koobface Removal guide provides two Koobface removal options, automatic Koobface scanner and manual removal. Please see our Koobface manual removal warning before proceeding with manual removal.
Automatic Koobface scanner download

Click here to download Automatic Remover

Manual Koobface removal directions

Warning! Manual Removal of Koobface is intended to be used by advanced users only.

Follow directions below for Koobface removal manually:
Find and Stop Koobface Virus Processes: ctrl+alt+del -> Processes

* fbtre6.exe
mstre6.exe

Find and Remove Koobface Virus registry values:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “c:\windows\mstre6.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “C:\Windows\fbtre6.exe”
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating

Find and Delete Koobface Virus Files:

* C:\\Windows\\fbtre6.exe
C:\\Windows\\fmark2.dat

How did I get Koobface?

Unfortunately it is very difficult to pinpoint the exact distribution point of Koobface. However, common delivery tactics of Koobface could be, but not limited to: trojans, browser exploits, pc ports or other vulnerable access points. We have seen reports of Koobface being distributed through fake media codec downloads as well.
Common symptoms of Koobface?

Possible attributes and symptoms of Koobface are listed below.

* Koobface may push advertisements for rogue security applications
* Koobface may cause frequent popup advertisements
* Koobface may cause sluggish system performance
* Koobface may cause slow PC processing
* Koobface may cause Blue Screen
* Koobface may cause high CPU usage

How do I prevent Koobface?

Once you have cleaned up Koobface, the main tip in order to prevent Koobface and future malicious programs from returning is to stay suspicious of new websites you have never visited. Chances are you were tricked into downloading Koobface when you thought it was something else.

More tips to prevent Koobface from returning:

* Update Windows often
* Update Windows Security Settings
* Turn on Firewall Protection
* Update Anti-Spyware Software Frequently

What is the purpose of Koobface?

The creators or authors of Koobface have one sole objective in mind, money. Almost all forms of malicious code nowadays, with Koobface being no exception, are created to make a buck. The creators or authors of Koobface know that if then can distribute “x” amount of downloads of Koobface then Koobface will generate “y” amount of revenue. In addition, many of these Malware authors have been doing this awhile so they have perfected their conversion rates and will continue to do so.

Who is behind Koobface?

It is difficult to say exactly who is behind Koobface. Certain hypothesis can be created for Koobface though. Chances are the creators or authors of Koobface are located (or at least their servers are) somewhere in either Eastern Europe or China. However, Malware has been retraced back to almost every country in the world so it really difficult to gauge this with any type of accuracy.

Continue reading »]]> What exactly it is? 

It is the flagship software product from UltraReach Internet Corp. for Internet anti-censorship. It enables users inside countries with heavy Internet censorship to visit any public web sites in the world safely and freely. it enables users to browse any website freely just the same as using the regular IE browser while it automatically searches the highest speed proxy servers in the background.

What does it means??

• 100% freedom to have 100% information in most secure way.
• It means no matter where you are you can access 100%free version of internet I mean no firewalls no restriction nothing….
• Almost all schools, universities and corporate offices raise firewalls to filter out not work related sites, now those firewalls will be of no use or they have to change their plans.
• Everybody can access various social networks like Orkut, Youtube, Myspace, Hi5, Facebook, Linkedin etc. which are blocked almost in 99% schools and offices.
• 100% real time and it’s encryption is better then any online banking system.
  

How to get going??

It’s very simple you have to just-

• download an exe file
• then extract it
• and run
• Set proxy if u have any (generally in offices internet are provided through proxies, you can find that, through tools>>internet options>>Connections>>LAN Settings>> there you are with proxy server for your LAN and it’s port
• Just copy that to proxy settings of Ultrasurf.
• Then a window will pop up, says some thing in Chinese, just close this window
• And open fresh internet explorer
• There you are, you can surf any information.
• For office people: beware don’t spread words to your colleagues keep this info as limited as you can, coz if system people got to know about it then they’ll take your comp for scrutinizing.

Useful tips:

When u download fresh version u need to tweak proxy settings of Ultra Surf. do that manually, also sometimes proxy setting of Ultra Surf get vanished automatically.. do check for proxy setting and feed it manually. For any kind of browser Proxy IP address is 127.0.0.1 with port :9666 and For Ultra Surf it depends upon your network.

[Update: 08 May 2009]

What is the Flip Side??

I should start with a quote that I’ve learnt in my life

“Too much freedom can Make you or it can Break you”

The flip side is that you can access to anything, I thing you got my point, In school, universities and Work office various sites are blocked to raise their efficiency and productivity, and it is very much likely that if anyone get freedom he/she will definitely try to miss use it.

Some more Useful tips:

I’ve heard one thing many times that Ultra Surf is slowing down net speed or Ultra Surf is not working or something like that but after so many experience of Q&A and personal experience i’ve found that it’s not the Ultra Surf but it’s the net connection that has problemo…..

• Check your net connection remember that it needs certain level of net speed to run Ultra Surf smoothly.
• 9.2 is the latest one and it is the best coz when there is no net connectivity it automatically flashes a message…. it won’t hang u there for retry
• also last tip is that when net slows down or ain’t working at all, just exit Ultra Surf and re start it. instead of retry.. try exit and re start it…trust me retry is bad idea. just restart the whole thing.