Social Media a Fine Tool; Security Disaster

Social media and, specifically Facebook, is a potentially strong tool for the future in manufacturing automation, but the issue of how you secure the medium is becoming a bigger and more complex issue.

Two incidents on Facebook show just how easy it is for a scammer to manipulate the situation and learn as many details about the victim as possible.

RELATED STORIES
Motivated Hacker Always Gets In
Steel Giant Hacked; Info Leaked
Symantec: Hackers got Some Code
Hackers Claim Symantec Code

In one case a phishing and survey scam rolled into one is going after Facebook users and hijacking their accounts and making it difficult for users to get them back, a McAfee researcher said.

The victims get messages seemingly posted by their friends claiming they have received a “100rs free recharge”. Following the offered link, they land to a page asking them to enter their Facebook login credentials in order to get it.

Once the account details are in and the victim clicks on the “Log In” button, the page redirects users to a page mimicking a Facebook one, which asks the user to complete a survey in order to unlock the recharge option.

In the background, the page sends the recorded login credentials — in clear text via a HTTP POST request — to a remote server operated by the scammers.

The scammers then use the login credentials to access the victims’ Facebook accounts, change information contained in them (including the password and the email address) and post the same message that lured in the victims in the first place.

The affected users are consequently not only endangering their friends, but are also unable to immediately do anything about it. “Even if the victims try to reset their passwords, they will never get the password reset email from Facebook,” the researcher said.

In another case, a new strain of Trojan is targeting Facebook users by taking over their machines and shaking them down for cash.

Carberp, like its predecessors ZeuS and SpyEye, infects machines by tricking punters into opening PDFs and Excel documents loaded with malicious code, or attacks computers in drive-by downloads. The hidden malware steals account information, and harvests credentials for email and social-networking sites.

A new configuration of the Carberp Trojan targets Facebook users to ultimately steal e-cash vouchers. Previous malware attacks on Facebook were mainly to gather login details, so this ploy is an escalation, said researchers at security firm Trusteer.

The Carberp variant replaces any Facebook page the user navigates to with a fake page notifying the victim there is a temporary lock on their Facebook account. Effectively holding Facebook users hostage, the page asks the user for their first name, last name, email, date of birth, password and an Ukash 20 euro ($25) voucher number to verify their identity and unlock the account.

Trusteer warns the cash voucher attack is in some ways worse than credit card fraud, because with e-cash it is the account-holder, not the financial institution, who assumes the liability for fraudulent transactions.

Trusteer said it does not know how many people suffered from this attack. But it warns social networking users, particular those with e-cash accounts, to be wary of this particular scam and potential follow-up frauds along the same lines, which might easily trap the unwary.

“The fraud technique is quite effective,” said Amit Klein, chief technology officer at Trusteer. “Keep in mind that the user gets an authentic-looking message in the context of a genuine, deliberate log-in to Facebook. We do know that this is exactly where users are most susceptible to divulging personal information and following additional instructions, as their trust in the content is maximal.”

The use of anti-debugging and rootkit techniques make Carberp Trojan difficult to detect, warns security consultancy Context Information Security. Context said: “Carberp is also part of a botnet that can take full control over infected hosts, while its complicated infection mechanisms and extensive functionality make it a prime candidate for more targeted attacks.”