Softpedia
 


October 26th, 2010, 12:56 GMT

Facebook Phishing Worm Quickly Steals Thousands of Accounts

Facebook phishing worm spreads through chat spam
Security researchers from Kaspersky have uncovered a Facebook phishing attack abusing the chat feature and stealing accounts at a rate of fifteen per minute.

The worm-like attack advertised the phishing URL through Facebook chat messages, which gave it a higher success rate than the wall spam method users have become accustomed to.

The message spammed by compromised accounts through chat read "Is this you?" and was followed by a link to a rogue Facebook application page.

This page displayed a fake Facebook login form inside an iframe and instructed users to authenticate themselves in order to access the video content.

When checking the directory structure of the external server hosting the rogue form, security researchers found an access log.

This log pointed them to a repeatedly queried file called acc.txt, which contained the stolen Facebook credentials.

"I downloaded acc.txt and saw that the file contained stolen accounts: in the first version of acc.txt which I downloaded I saw that the attacker had collected over 3000 accounts!

"I downloaded the acc.txt at 5-minute intervals, and within 20 minutes, the number of stolen accounts went from 3000 to over 6000," says David Jacoby, the Kaspersky Lab expert, who investigated the case.

The compromised credentials were likely used via automated scripts to send more Facebook chat spam and expand the attack's reach.

The incident goes to show just how successful unsophisticated but well-designed phishing scams can be in a social networking environment.

Facebook's Security team was alerted and quickly suspended the malicious page. Thanks to the researcher's find, it was also able to reset the passwords on the compromised accounts.

However, this doesn't always happen. Next time, by the time Facebook intervenes, the attackers may already have thousands of credentials in their possession.

If you believe you have fallen victim to such an attack, change your password immediately. Also go to Account Settings and terminate all active sessions listed under the Account Security section.


READER COMMENTS:


Comment #1 by: prince on 02 Nov 2010, 22:56 UTC

How to share this info page on Facebook?
