Compromised Google, Facebook, Twitter Password is the Least of your Problems

American news media and blog sites have been flooded with warnings from cyber do-gooders for everyone to change their Google, Facebook, Yahoo and Twitter passwords after more than 2 million accounts were compromised.

But if your system was one that was compromised, changing your password is the least of your worries.

Trustwave SpiderLabs announced on Tuesday that a Russian Pony Botnet server has been identified that had stolen credentials for about 2 million accounts. But this isn’t that big of a deal to Americans, as the vast majority of these were from systems in the Netherlands:

Only a tenth of a percent of systems affected were in America, for a grand total of 1,943 accounts!

And boys and girls, this is a Russian botnet server, which means that if your account is one that has been compromised by the botnet, guess what?

Your machine is most likely still infected with a keylogging, account stealing Trojan!

You may want to scan it for viruses and get that botnet client off your system!

This is not the only Pony Botnet Server out there either. In June SpiderLabs found a smaller one that had 650,000 credentials on it.

And while we are talking passwords, unbelievably, it looks like people are still using simple passwords on their social media accounts.

Here is a list of the top 10 passwords used according to the SpiderLabs analysis:

The number one password used was “123456”…


Facebook Graph Search shows ‘Married Men who like Prostitutes’

Last week Facebook revealed a new search feature to help people find others who are interested in the same things. Sounds all well and good, but a new website shows some search results that may not be quite what Mark Zuckerberg had in mind.

Facebook Graph Search seems interesting enough. For example, you could search for people who are into cycling that are from your home town, or people who like knitting who are in Washington, DC. Very helpful when you are trying to connect with others.

But as the Actual Facebook Graph Searches website shows, social searches can be used to retrieve information that some may not want revealed.

For example, what would happen if you searched for “Married Men who like Prostitutes”?

Funny Facebook Graph Searches

Or, what about “Current Employers of people who like Racism”?

Funny Facebook Graph Searches 1

Some others include:

  • Current Tesco Employees that like Horses
  • Mothers of Catholics from Italy that likes Durex
  • Spouses of Married People who like Ashley Madison

These are all humorous, but some searches could be used by repressive governments, where religious liberties are restricted, to find people whose beliefs may not jibe with the government’s.

For example, the search “Family Members of people who live in China and like Falun Gong” could cause some issues:

Facebook Graph Searches 2

Or even “Islamic Men interested in men who live in Tehran, Iran” could cause issues, as Iran has very strict laws concerning homosexuality.

Social Media is a great tool to keep in touch and meet new people online. And as these examples show, some humorous things can be found by social media searches.

But as we have seen from the security world, Social Media can also be manipulated to provide information that some may not want revealed to the public, or information that could be misused.

Hacktivists using Shortened Links to Hide Malware Servers

Several times I have received direct tweets or replies on Twitter with a message like “Check this out!”, “This is along the same lines”, or “If you think that is bad, check this out”. The profile picture of the sender is usually a professional looking businessman or a pretty lady. And the included link is a shortened URL.

Why, some people are just so friendly, right?

But running the shortened URLs through a link unshrinker told a different story. One of the first evil links that I found was four lines long when unshrunk and included an IP address of a known Russian Business Network (RBN) host. But the way they formatted the link, the actual website called was at the end of the link and pointed to a server in the US.

I have seen the same tactic used on a forum discussing the 9/11 Anti-American protests that are going on now in many Islamic countries. A comment posted, by a very pretty lady (of course), had an anti-Islamic message and a shortened link. The link unshortened was a very long masked URL.

Recently, the Telegraph posted an article on the Taliban using pretty girl profiles on Facebook to try to befriend and get information from allied troops:

“Most did not recognise that people using fake profiles, perhaps masquerading as school friends, could capture information and movements. Few consider the possibilities of data mining and how patterns of behaviour can be identified over time.”

Unfortunately, with sites like Twitter, once you click on the link you are instantly taken to the site without being able to preview it. And with the nasty zero-day exploits that are out there (IE and Java 7), just visiting a site and allowing a script to run could hand full remote control of your computer to a remote hacker.

As the Anti-American protests continue, expect these tactics to increase. Be careful what you click on and who you befriend on Social Media sites. And always run a script blocking program like “NoScript”.
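As an added example (not code from the original post), here is a small Python link unshrinker of the kind used above: it follows a shortened URL one HEAD request at a time, never fetching page content, and reports the host a browser would actually contact. It assumes one masking technique, the userinfo trick (`http://203.0.113.5@real-host/`, where everything before the `@` is ignored by the browser); the redirect chain and host names are constructed so it runs offline.

```python
import http.client
from urllib.parse import urlsplit, urljoin


def effective_host(url: str) -> str:
    """Host the browser will actually contact. urlsplit treats anything before
    '@' in the authority as userinfo, just as a browser does, so an IP address
    or brand name placed there only decorates the link."""
    return (urlsplit(url).hostname or "").lower()


def live_lookup(url: str, timeout: float = 5.0):
    """One HEAD request, redirects not followed, no body read.
    Returns the Location header for a 3xx response, else None."""
    parts = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()


def unshorten(url: str, lookup=live_lookup, max_hops: int = 5):
    """Walk the redirect chain hop by hop. Returns (hops, final_host); gives up
    after max_hops redirects so a redirect loop cannot run forever."""
    hops = [url]
    for _ in range(max_hops):
        location = lookup(hops[-1])
        if location is None:
            return hops, effective_host(hops[-1])
        hops.append(urljoin(hops[-1], location))  # Location may be relative
    raise RuntimeError("more than %d redirects, giving up" % max_hops)


# Constructed redirect map standing in for live HEAD responses (hypothetical hosts).
SAMPLE_CHAIN = {
    "http://short.example/abc": "http://203.0.113.5@landing.example/go?next=1",
    "http://203.0.113.5@landing.example/go?next=1": "/final",
}


def sample_lookup(url: str):
    return SAMPLE_CHAIN.get(url)


if __name__ == "__main__":
    hops, host = unshorten("http://short.example/abc", lookup=sample_lookup)
    for i, hop in enumerate(hops):
        print(f"hop {i}: {hop}")
    print("browser would contact:", host)
```

Swap `sample_lookup` for the default `live_lookup` to resolve a real shortened link; the HEAD-only walk shows you the destination without loading any of its scripts.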

Hackers Targeting Social Media Sites for Social Engineering Attacks

Hackers using Social Engineering attacks are getting much better at their craft, and people are making it very easy for them. A Social Engineer will use information gathered about a person, place or business in specially crafted attacks that play on people’s thoughts, beliefs or emotions.

But how do they get personal information that they could use against someone?

Drum roll please…

Social Media sites!

“No way”, you say, “I only give friends, colleagues and people I know access to my Facebook page.” Do you really? I mean come on, let’s be honest. We have all seen them, people with 500, 1000, even 2000 people or more on their friends list. Do they really know all those people?

People are human, and humans are always into popularity contests. It reminds me of the TV commercial where the daughter is sitting in front of her computer with hundreds of friends on her social media site. And she is making fun of her parents who have like 5 on their site, but then it shows the parents out kayaking (or something like that) with friends.

Hackers are using this very weakness of the human psyche to gain pertinent and sometimes very personal information about a person. But how you ask?

How about LinkedIn? Do you get friend requests from people you have never heard of that “know you” from some website, have similar likes or dislikes, or attended the same conference? Hackers are gaining full technical backgrounds, co-worker names, titles and even full resumes using this very simple tactic.

It also works on Facebook. Except here, social engineers gain personal information about you: everything from news about your family to your interests (sports, clubs, etc.). Heck, some even go as far as to tell you their travel plans and even food preferences. Sometimes a lucky hacker will even get the daily itinerary of a very trusting individual.

How could they leverage this information in an attack?

Simple: from LinkedIn they could craft an e-mail saying they are from some company that you worked with or for. Or from Facebook, that they are from your kid’s school or from one of the many clubs that you attend and have scheduling or other important “news”. All this in an attempt to get you to click on a link that heads to a malware infested site or to get you to open a PDF file that contains a backdoor Trojan.

A friend recently received an e-mail supposedly from the technical support department for a product that he actually owned. It was about an important update, and the link for the update led to a site that tried several browser exploits in an attempt to install remote access malware. It was very believable; luckily, the broken English in the e-mail made him think twice before he visited the site.

How do you protect yourself from these types of attacks?

It is always best to actually know or have met the person that you are allowing into your social media circles. Limit the level of personal information that you place on these sites. And be very careful telling people your schedules. Do your 2000+ friends really need to know that you will be out of the country for 2 weeks and what airline you will use and what hotel you will be staying at?

Just some things to think about. Hackers are getting much better using Social Engineering attacks. A little discretion will go a long way.