" Facebook "

Facebook accounts “hacked” for $100

“Any Facebook account can be hacked” – so claim the creators of an online service which, for only $100, allegedly provides clients with the login and password credentials to access any account on the popular social networking site. This not only includes accounts belonging to ordinary people, but also celebrities, politicians, or well-known companies.

Uncovered by global IT security vendor Panda Security, the criminal outfit conducts payments online through Western Union, with the money transferred to the Ukraine, further fueling the perception that most Internet mafias are based in Eastern Europe. The domain that hosts the service is registered in Moscow.

The company claims to have been offering this service for four years with only one percent of accounts hack-proof. In these cases, they offer clients a money-back guarantee. However, the domain is just a few days old.

Users can also get extra dollar-credits to spend on the service when they hack more accounts. They can even become affiliates to help hackers reach a broader audience. These affiliates receive 20% of what they sell in credits for hacking more accounts.

“The system’s real purpose may be hacking Facebook accounts as they say, or profiting from those that want to try the service,” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “In any case, the Web page is very well designed. It is easy to contract the service and become either the victim of an online fraud, or a cyber-criminal and accomplice in identity theft.”

Once an intruder hacks into a Facebook account, all personal data published on the site can be stolen. Similarly, those accounts can also be used to send malware, spam or other threats to the victim’s contacts. In the case of celebrities or other well-known entities, they can be used to defame the account holder, for example by spreading information in their name.

Find out more at the PandaLabs blog.

Panda report reveals thriving rogueware economy

Panda Security’s malware analysis and detection laboratory has released a comprehensive study on the proliferation of rogueware into the cyber-crime economy.

Rogueware consists of any kind of fake software solution that attempts to steal money from PC users by luring them into paying to remove nonexistent threats. Panda predicts that it will record more than 637,000 new rogueware samples by the end of Q3 2009, a tenfold increase in less than a year. Approximately 35 million computers are newly infected with rogueware each month (approximately 3.5% of all computers), and cyber-criminals are earning approximately $34 million per month through rogueware attacks.

“The Business of Rogueware”, Panda’s report, reviews the various forms of rogueware that have been created, and shows how this new class of malware has become an instrumental player in the overall cybercriminal economy. The study also provides in-depth analysis of the increasingly sophisticated social engineering techniques used by cyber-criminals to distribute rogueware via Facebook, MySpace, Twitter and Google.

In early 2009, social media sites such as Facebook, MySpace, Twitter and Digg became large targets for rogueware distributors. The top five social media attacks involving rogueware are:

1. SEO attack against Ford Motor Company

2. Comments on Digg.com leading to rogueware

3. Twitter trending topics lead to rogueware

4. Rogueware exploits WordPress vulnerability to facilitate Blackhat SEO attack

5. Koobface moves to Twitter

“Rogueware is so popular among cyber-criminals primarily because they do not need to steal users’ personal information like passwords or account numbers in order to profit from their victims,” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “By taking advantage of the fear in malware attacks, they prey upon willing buyers of their fake anti-virus software, and are finding more and more ways to get to their victims, especially since popular social networking sites have become mainstream.”

Rogueware morphs quickly and proves difficult to detect

There are approximately 200 different families of rogueware, and Panda expects the variations to continue to grow. In the first quarter of 2009 alone, more new strains were created than in all of 2008. The second quarter painted an even bleaker picture, with the emergence of four times as many samples as in all of 2008. In Q3, Panda forecasts a rogueware total greater than the previous eighteen months combined.

The primary reason for the creation of so many variants is to avoid signature-based detection by (legitimate) antivirus programs. The use of behavioural analysis, which works well with worms and Trojans, is of limited use in this type of malware because the programs themselves do not act maliciously on computers, other than displaying false information. However, Panda Security has started to identify more advanced malware variants that are using typical Trojan features, rootkits and other techniques to subvert virus detection technologies.

How rogueware business works – and tracking the source

The Panda report details how the rogueware business works. The rogueware business model consists of two major parts: programme creators and distributors, not unlike a traditional business. The creators are in charge of making rogue applications, providing the distribution platforms, payment gateways, and other back office services. The affiliates are in charge of distributing the rogueware to as many people as possible, as quickly as possible.

Panda’s research reveals that the affiliates are mostly comprised of Eastern Europeans recruited from underground hacking forums. They earn a variable amount per install and between 50-90 percent commissions for completed sales. The Panda report includes financial statements and photos from events hosted by the leaders of these organizations that are not dissimilar to corporate sales events.

To read the full report, click here.

For real-time updates on Panda’s research, follow @Panda_Security

Cyber-crooks use Facebook to drive rogue anti-malware business

According to global IT vendor Panda Security, the 56th variant of the Boface family of worms has just appeared. Each of these variants has been designed especially to use Facebook to distribute and download malware. This is largely due to the enormous global popularity of this social network and the potential it offers for reaching numerous users. The BJ variant in particular uses Facebook to download and install rogue anti-malware, tricking users into believing they are infected and consequently into buying a fake antivirus.

Data compiled through the free Panda ActiveScan online scanner has shown that since August 2008, 1% of all computers scanned were infected by a variant of Boface.

“Extrapolating this data in line with the number of Facebook users (approximately 200 million), we arrive at a figure of 2 million users that could be infected,” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “The increasing number of variants in circulation is due to the aim of cyber-crooks to infect as many users as possible and therefore boost their financial returns.”

Almost 40% are in the United States, with the rest distributed across many different countries. The number of infections observed for this type of malware since August indicates an exponential growth rate as high as 1,200%, comparing April 2009 with August 2008.

The rogue anti-malware business is one of the most prolific cyber-crime activities, with respect to the number of examples in circulation. Panda forecasts quarterly growth of more than 100% for the current year.

The new variant: how it works

The new Boface.BJ worm reaches computers in several ways: email messages with attachments, internet downloads, files transferred via FTP, IRC channels and P2P file-sharing networks.

Once the computer has been infected, the worm kicks into action as soon as infected users enter their Facebook accounts. At that moment, it sends a message to the entire network of friends, including the infected user. Anyone clicking on the link in the message will be taken to a fake YouTube page (called “YuoTube”) where they will supposedly be able to see a video. However, they will first be prompted to download a media player. If the user accepts, the fake antivirus will be immediately downloaded.

From the moment it is installed, this malware will launch messages claiming that the computer is infected and that the user must buy a solution.

Given the viral nature of Facebook’s networks, it is fair to assume that this message will spread exponentially, leading to very high infection rates.

“Users of social networks like this normally trust the messages they receive, so the number of reads and clicks is often very high,” says Matthews. “Clearly, in addition to the security measures of the social network itself, users have to take on board certain security and personal privacy basics, to avoid falling victim to fraud and contributing to its propagation.”

To prevent this type of fraud, Panda Security offers the following advice:

1)    Don’t click suspicious links from non-trusted sources. This should apply to messages received through Facebook, other social networks and also email.
2)    If you do click on any such link, check the target page carefully (in this example, it is clearly a fraud). If you don’t recognize it, close your browser.
3)    Even if you don’t see anything strange in the target page, but you are asked to download something, don’t accept.
4)    If, however, you have still gone ahead and downloaded and installed some type of executable file, and your computer begins to launch messages saying that you are infected and that you should buy an antivirus, this is very probably a fraud. Never enter your credit card details, as you will be putting your money at direct risk. And above all, make sure you get a second opinion on the security of your system, with any reliable free online security solution such as Panda ActiveScan.
5)    As a general rule, make sure your computer is well protected, to ensure that you are not exposed to the risk of infection from any malicious code. You can protect yourself with the new, free Panda Cloud Antivirus solution.

VIEWPOINT: Social networking, passwords and privacy

By Luis Corrons, Director of PandaLabs

We have been warning for a long time of the issue of adding our personal information to any social network. I use them myself (Facebook, LinkedIn, etc.) and I’m surprised at the amount of personal information that my contacts have there, even more surprised when more than 90% of my contacts work in security related companies - yes, that means that my social life sucks, I know 😉

Social networks are also a good communication tool; just a few days ago we could see how the Queenstown police arrested a man thanks to Facebook. But things are not black or white, and when mankind is involved you can also see the dark side. In September 2008 we could see some news reports about terrorists using Facebook to kidnap Israeli soldiers.

But we don’t need to go that far. There is another major issue: people are lazy, we don’t want to have complex passwords that we can’t remember, nor to have a different password for each application; so people just choose an easy to remember password or just create passwords consisting of some of their own personal information, using their birthday, wife/husband name, hometown, etc. Last week 4 people were arrested for blackmailing Spanish singer David Bisbal. Basically they had got into his mail account and used the information stored there. The head of the gang, a psychologist, was able to figure out his password after studying all the personal information of the singer that can be obtained from the Internet.

We do not usually have that kind of information about ourselves available for our friends, but we have it on Facebook and similar networks. They are only visible to our friends (we should redefine the word “friend” in a social network environment, but I won’t talk about it here). I have not tried (and won’t) to figure out my friends’ passwords, but I could do it and I’m sure it would work in many cases. And what happens if one of our friends’ accounts gets hacked is that whoever it is will have access to all his friends’ info… scary at least.

So please, just follow some basic recommendations:

• Use common sense.
• Restrict viewing of your details to trusted persons.
• Don’t publish your full birth date.
• Don’t reveal your e-mail, phone number or postal address.
• Ignore unsolicited requests to be friends or group membership from unknown people.
• Use different passwords, and change them periodically.

Finally, you can take a look at this list of the Top 500 worst passwords of all time, taken from the book Perfect Password (Mark Burnett, 2005). I miss some passwords in this list, such as “guest”, “admin” or “backup”, but it is useful so that you can know which ones you shouldn’t choose.
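
The two password habits described in this post, building a password from profile details and picking one from a worst-passwords list, can both be rejected when a password is set. The Python sketch below is an added example, not code from PandaLabs or from the book. The profile fields, the small common-password sample and the function names are assumptions; a real check would load a full list.

```python
import re
from datetime import date

# Small constructed sample; a real deployment loads a full worst-passwords list.
COMMON = {"123456", "password", "qwerty", "guest", "admin", "backup"}
# Undo the usual character substitutions (0->o, 1->i, 3->e, @->a, ...).
LEET = str.maketrans("013457@$!", "oieastasi")

def alnum(text: str) -> str:
    """Lowercase and keep letters and digits only (used for date matching)."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def deleet(text: str) -> str:
    """Lowercase, reverse substitutions, keep letters only (used for words)."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def date_tokens(d: date) -> set:
    """Digit strings people commonly derive from a date."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year}"
    return {yyyy, dd + mm, mm + dd, f"{d.day}{d.month}{yyyy[2:]}"}

def password_problems(password: str, profile: dict) -> list:
    """Return the reasons a password is guessable from public profile data."""
    problems = []
    plain, letters = alnum(password), deleet(password)
    if plain in COMMON or letters in COMMON:
        problems.append("common password")
    for field, value in profile.items():
        if isinstance(value, date):
            if any(tok in plain for tok in date_tokens(value)):
                problems.append(f"contains {field}")
            continue
        # Match each word of the field, forwards or reversed.
        for word in re.findall(r"[a-z]{3,}", str(value).lower()):
            if word in letters or word[::-1] in letters:
                problems.append(f"contains {field}")
                break
    return problems

# Constructed profile, as it might be read from a social network page.
SAMPLE_PROFILE = {"spouse": "Elena Ruiz", "hometown": "Bilbao",
                  "birthday": date(1979, 6, 5)}
# password_problems("El3na!2024", SAMPLE_PROFILE) -> ["contains spouse"]
```
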