Sunday, 8 April 2012

Polymorphic Attack: Facebook Scam leads to Malware or phishing

A BitDefender security researcher has come across a polymorphic Facebook scam attack that can lead users to an 'adult chat page', a 'malware downloader', a 'phishing' page or any other type of dangerous page.

The scam is disguised as an invite to view a leaked sex video. Once the user clicks the link, it leads to a site that replicates Facebook. Here, the user is asked to install a Divx plugin to view the video.

“This is an interesting and quite complex type of scam. In data security lingo, this would qualify as a polymorphic attack, which basically means that the malicious content served can be changed by the attacker thanks to the browser extension installed. If one user lands on the adult chat page, another may reach the malware downloader or even a whole different web page set up for phishing” stated Andrei Serbanoiu, Bitdefender Online Threats Analyst Programmer.

Once the user has installed the browser extension, it takes the victim to different pages. In one of the attacks, the page leads to a sex video page. Here, the user is asked to download a premium video player, 7pic, which actually hides a piece of malicious code.

The extension also allows the scammer to take control of the user's cookies to advertise the scam and to 'like' and 'share' the scam page. This results in the victim's friends being exposed and in the victim being subject to other possible attacks launched by means of links posted on the liked page.

To stay away from these types of attacks, users are advised to install extensions only from trusted sources.
Posted: 07 Apr 2012 09:34 PM PDT

The Anonymous hacktivist group hacked multiple government sites by launching a DDoS (Distributed Denial of Service) attack to protest government policies; the websites were inaccessible at about 21:00 BST on Saturday.

The hackers took down the sites of the Home Office, the Prime Minister's Number 10 and the Ministry of Justice as part of the operation called "#OpTrialAtHome".

"#OpTrialAtHome, because selling your citizens to foreigner is not acceptable!" one of the tweets said, giving the reason for the attack.

"#OpTrialAtHome is offered in protest of the potential extradition of Gary McKinnon, Christopher Harold Tappin & Richard O'Dwyer. #Anonymous" another tweet reads.

At the time of writing, all sites have recovered from the DDoS attack and are back online.
Posted: 07 Apr 2012 08:03 AM PDT

NQ Mobile Security Research Center, in collaboration with Dr. Xuxian Jiang’s team at North Carolina State University, has recently uncovered a new piece of Android malware that can be controlled via SMS.

The malware, dubbed 'TigerBot', has a built-in payload to execute a variety of commands, ranging from uploading the current location and sending SMS messages to even recording phone calls.

"TigerBot can be remotely controlled by sending SMS messages. In order to receive remote commands, it registers a receiver with a high priority to listen to the intent with action “android.provider.Telephony.SMS_RECEIVED”. As a result, it can receive and intercept incoming SMS messages before others with lower priorities." reads the NQ Mobile Security Research Center's blog post.

To hide its existence, this malware chooses not to show any icon on the home screen, and disguises itself with legitimate app names, pretending to be apps from legitimate vendors such as Google and Adobe.
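
The two traits described above (a high-priority receiver for `android.provider.Telephony.SMS_RECEIVED` and no home-screen icon) can both be checked in an app's manifest during triage. The following Python sketch is an added example, not code from NQ Mobile or the original post; it assumes the manifest has already been decoded to plain XML, and the sample manifest, the names in it and the priority cut-off are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
LAUNCHER = "android.intent.category.LAUNCHER"
PRIORITY_THRESHOLD = 500  # assumed triage cut-off, not a value from the report

# Constructed sample manifest (decoded XML form), not taken from a real sample.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="System">
    <receiver android:name=".CmdReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def _priority(intent_filter):
    """Return the filter priority as an int (0 when absent or not a literal)."""
    try:
        return int(intent_filter.get(ANDROID + "priority", "0"))
    except ValueError:
        return 0


def triage_manifest(xml_text, threshold=PRIORITY_THRESHOLD):
    """Return findings for a high-priority SMS receiver and a missing launcher."""
    root = ET.fromstring(xml_text)
    findings = []
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            prio = _priority(flt)
            if SMS_ACTION in actions and prio >= threshold:
                name = receiver.get(ANDROID + "name")
                findings.append(f"high-priority SMS receiver {name} (priority {prio})")
    # An app with no LAUNCHER category shows no icon on the home screen.
    launcher = any(c.get(ANDROID + "name") == LAUNCHER for c in root.iter("category"))
    if not launcher:
        findings.append("no launcher activity (no home-screen icon)")
    return findings


if __name__ == "__main__":
    for line in triage_manifest(SAMPLE_MANIFEST):
        print(line)
```

Either finding alone also occurs in legitimate apps (SMS apps, background services), so the two together are a reason for closer review rather than a verdict.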

Prevention is better than cure:
To stay away from this malware, download applications only from trusted sources, and never accept application requests from unknown sources.
