Archive for the ‘Social Networking’ Category

China’s Great Firewall Spreads Overseas | HostExploit News

March 27, 2010

China’s Great Firewall Spreads Overseas | HostExploit News: “”

(Via .)

Hackers Sell Twitter Accounts for Up to USD1,000 | HostExploit News

March 8, 2010

Hackers Sell Twitter Accounts for Up to USD1,000 | HostExploit News: “”

(Via .)

Korean, Japanese Netizens Wage ‘Cyber War’ | HostExploit News

March 8, 2010

Korean, Japanese Netizens Wage ‘Cyber War’ | HostExploit News: “”

(Via .)

Phishing: not just for attacking banks

December 30, 2009

Phishing: not just for attacking banks: “

I’m interrupting my scheduled series on reputation to bring you a public service message. This week on Security Levity, a reminder to beware of all kinds of phishing attack: not just bad guys pretending to be your bank…

read more

(Via Amir Lev’s blog.)

How The Koobface Worm Gang Makes Money

December 21, 2009

How The Koobface Worm Gang Makes Money

Trend Micro report looks at the true motivation behind the widespread malware-laden botnet

Dec 21, 2009 | 02:51 PM
By Kelly Jackson Higgins

Chances are you know someone who has been hit by Koobface, one of the first successful social networking worms. But there are many faces to Koobface, and many ways its authors make money from it.

New research from Trend Micro details how Koobface’s creators monetize the worm through scareware or fake antivirus, click fraud, information-stealing malware, and online dating services. “Unlike in the past when we always thought of malware as one piece of malware, like Melissa or Lovebug, in today’s world Koobface is an ongoing criminal enterprise using hundreds and thousands of pieces of code,” says David Perry, global director of education for Trend Micro. “That makes it more difficult to describe to the public at large. It’s not just one file.”

Read the rest here

Cyber criminals lurk on social networking sites

November 23, 2009

Cyber criminals lurk on social networking sites

More and more people are using social networking sites, including, sadly, criminals seeking to take advantage of the rest of us.

Threats on those sites include applications and quizzes, as well as malware, worms and viruses. But the main risk, says Trend Micro’s Rick Ferguson, is information you post yourself that can jeopardize your privacy and your security.

Ferguson says that "we have a tendency on social networks to share more information that we need to." While you may need to reveal which schools you went to and where you worked to connect with old school mates or colleagues, "you don’t need to share your date of birth, phone number and address," Ferguson said.

Koobface Abuses Google Reader Pages | Malware Blog | Trend Micro

November 9, 2009

Koobface Abuses Google Reader Pages | Malware Blog | Trend Micro: ”

Botnet Exploits Hacked Sites Malicious Sites Malware Microsoft News Pharming Phishing Security Spam Vulnerabilities



Koobface Abuses Google Reader Pages
4:56 am (UTC-7)   |   by Jonell Baltazar (Advanced Threats Researcher)

We are seeing another development from the Koobface botnet, this time abusing the Google-owned service Google Reader to spam malicious URLs in social networking sites such as Facebook, MySpace, and Twitter.

The Koobface gang used controlled Google Reader accounts to host URLs containing an image that resembles a flash movie. These URL are spammed through the said social networks. When the user clicks the image or the title of the shared content, it leads to the all too familiar fake YouTube page that hosts the Koobface downloader component.


Google Reader is a free service offered by Google that allows users to monitor websites for new content. It also allows the users to share content from the websites. Any user online can view”

(Via .)

Trick or Tweet? Malware Abundant in Twitter URLs

October 30, 2009

Trick or Tweet? Malware Abundant in Twitter URLs: “


As many as one in every 500 web addresses posted on Twitter lead to sites hosting malware, according to researchers at Kaspersky Labs who have deployed a tool that examines URLs circulating in tweets.

The spread of malware is aided by the popular use of shortened URLs on Twitter, which generally hide the real website address from users before they click on a link, preventing them from self-filtering links that appear to be dodgy.

Kaspersky, an anti-virus and computer-security firm based in Moscow, created a tool called Krab Krawler, which extracts URLs from millions of tweets a day. The tools expands shortened URLs to examine words in the web address for those matching known malware sites. For unknown sites, Kaspersky visits the web page to determine if it’s hosting malicious code that could infect visitors.

About 26 percent of Twitter messages contain a URL, according to Costin Raiu, chief security expert at Kaspersky. About half of those appear to be generated by spammers or by people with malicious intent, he said. These URLs get spread quickly in re-tweets.

The Krawler, which was first deployed in August, has scanned about 30 million URLs to date. It extracts URLS from multiple threads in Twitter’s public timeline and currently examines about 500,000 unique URLs a day. It crawls the sites linked to from the URLs, and scans the content with Kaspersky’s high-end heuristic programs to detect malware.

Of the URLs examined, between 100 and 1,000 a day are found to be hosting malware, the company said.

The two most popular URLs that the Krawler found posted to Twitter so far passed through the system in September. Both directed users to online dating sites. One of the sites,, is known to have hosted malware in the past, Raiu said.

‘The website is blocked by quite a few services out there,’ he said. ‘It’s not blocked by the Google API, which is why it’s still present on Twitter.’

The most popular piece of malware spread by Twitter messages is the Trojan-Clicker.HRML.IFrame.ob, which accounts for about 31 percent of the malware found. (See chart above.)

In August, Twitter began using a filtering system developed by Google (Safe Browsing API) to detect malicious URLs on its own. The system checks URLs against a blacklist, and either blocks malicious links from being posted, or warns Firefox and Chrome users to think before they click. The filter works only on URLs that are shortened using, the default and most popular URL shortening service on Twitter — it’s backed by the same people behind the microblogging service — or, an alternative version of that produces even shorter URLs.

Malicious URLs that are shortened with any of the 200 or so other URL shortening services will not be caught with Twitter’s filter, Raiu says, which explains why the majority of malicious URLs currently passing through Twitter are shortened with other services.

The first Twitter malware was found as early as August 2008, long before the service had reached its current peak popularity. This spring, malware began to appear regularly in ‘trending topics’ lists on Twitter — lists of posts discussing the most popular subjects on Twitter.

‘A lot of people will just check the trending topics to see what’s hot and … just click on the link to see what it’s all about,’ Raiu said.

Once Kaspersky detects a malicious URL, it includes the information in its security tools to protect customers. It can take between two and 12 hours after someone has posted a URL to Twitter for Kaspersky to add the info to its detection tools.

The company plans to expand its Krawler to other social networking sites in the near future.

Graphic image courtesy Kaspersky Lab

(Via Wired: Threat Level.)

Hacked Facebook applications reach out to exploit sites in Russia

October 27, 2009

Hacked Facebook applications reach out to exploit sites in Russia: “All the social networking sites have issues with calling out to exploit pages. Usually what happens is that someone’s website gets hacked, and because they link to it from their MySpace or Facebook page, their contacts and friends sometimes get drawn to the attack sites. This is quite common, and we’ll write about it soon, but today’s story is a little different, in that these seem to be actual Facebook applications that have been hacked. (Please note that the application developer(s) are innocent victims too, and did not intend for their games to be hacked.)

(Via AVG Blogs | Roger Thompson.)

Twitter hack raises questions about ‘cloud computing’ –

October 4, 2009

Twitter hack raises questions about ‘cloud computing’ – ”

Twitter hack raises questions about ‘cloud computing’
A hacker allegedly broke into a Twitter administrator’s personal e-mail account
The hacker stole Twitter financial documents and leaked them to several blogs
Web is abuzz with opinions on the hacking’s impact and the ethics of posting the info
Twitter says it is seeking legal counsel on the matter
updated 2:06 p.m. EDT, Thu July 16, 2009
Next Article in Technology »