
THIS IS HOW FACEBOOK USERS ARE HACKED BY EXPLOITING THE FACEBOOK ADS ADVERTISING SYSTEM


In this article we will show how a cyber attack on Facebook accounts can be carried out, with the help of instructors. By exploiting a weakness in Facebook's advertising system, a phishing attack can be mounted, according to an instructor of the web security course. The conversion rate of a phishing attack is very high, and you can easily reach your target. In this article we show how this type of attack is done. We will use local ads and local victims: we use our own postal code and age, and configure the ad so that it is only shown to people connected to the Facebook page.

We prepare and run an ad on Facebook whose destination URL is espn.l1dh.com or http://goo.gl/UssPDm, and we set the visible URL to http://www.cnn.com or ctvnews.ca.


The ad's domain appears as http://www.cnn.com or ctvnews.ca, which is a reputable news organization, so very few people will hesitate before clicking the ad.


You will notice that this looks a lot like ESPN and not at all like CTV/CNN News. Scrolling to the bottom of the page, we see the inevitable ads for supplements.


The web page looks like ESPN and the player is endorsing this supplement. At the bottom of the page you can see the "social proof" of people recommending the product. This gives people more confidence to stay on the page, notes the web security course instructor.

Let's do a quick reverse image search to see whether these are real people. Charles Barrott is the target of our search in this case:


This runs a Google reverse search for that exact image. Here are the results: the photo appears to be of Sam Muirhead, a film director. So fake accounts have been created to recommend the page.


This clearly shows that the hackers have figured out how to game Facebook's system in order to publish ads that appear to lead to one place (ctvnews.ca) but ultimately lead somewhere very different. Not only that, but trade names, terms and false information are used repeatedly to sell the product. According to the web security course experts, this violates a number of Facebook's advertising policies. Ransomware or a spear-phishing page could also be placed behind such an ad.

HOW TO ANALYZE THIS TYPE OF ATTACK?

Copy the ad's URL. Instead of clicking the link, right-click it and copy it into a text editor.


It is a big, messy URL, and all those little %'s tell you that the URL is encoded. According to the web security course experts, you can easily find an online URL decoder that reveals the real URL, and you will see the following:

https://www.facebook.com/a.php?u=http://goo.gl/UssPDm&

The first part is Facebook's advertising click handler, and the part after "u=" (shown in bold in the original) is the destination URL the victim lands on after clicking. We cut off the "&" character so that only Google's shortened URL remains. This leads us to the next part of our investigation.
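The decoding step above can be scripted. The following is an added example, not code from the original article: it percent-decodes a Facebook click-tracking URL of the form shown above, pulls the destination out of the "u" parameter, compares its host with the domain the ad displays, and flags a link-shortener destination (goo.gl, bit.ly and similar) because it hides the final landing page. The sample ad URL and the shortener list are constructed for the example.

```python
# Added example (not from the original article): recover the real destination
# of a Facebook ad click URL and compare it with the domain the ad displays.
from urllib.parse import urlsplit, parse_qs

# Constructed list of popular link shorteners. A shortened destination hides the
# final landing page, which is a reason to inspect the link before trusting it.
SHORTENER_HOSTS = {"goo.gl", "bit.ly", "t.co", "tinyurl.com", "ow.ly"}

# Constructed sample: the page's decoded URL, re-encoded as a browser would copy
# it, with Facebook's extra tracking parameters replaced by a placeholder.
SAMPLE_AD_URL = ("https://www.facebook.com/a.php?"
                 "u=http%3A%2F%2Fgoo.gl%2FUssPDm&extra=placeholder")
SAMPLE_DISPLAYED_URL = "http://www.cnn.com"


def hostname(url):
    """Return the lowercase host part of a URL ('' if none can be parsed)."""
    if "://" not in url:
        url = "http://" + url        # displayed URLs are often bare domains
    return (urlsplit(url).hostname or "").lower()


def real_destination(ad_url):
    """Recover the destination from a Facebook click-tracking URL.

    The tracker carries the target percent-encoded in its 'u' query parameter,
    as the article shows; parse_qs performs the percent-decoding. A URL with no
    'u' parameter is not a tracker link and is returned unchanged.
    """
    params = parse_qs(urlsplit(ad_url).query)
    target = params.get("u", [None])[0]
    return ad_url if target is None else target


def check_ad_link(displayed_url, ad_url):
    """Compare where an ad claims to go with where the click really goes.

    Returns the decoded destination and a list of human-readable findings;
    an empty findings list means the displayed domain matches the destination.
    """
    dest = real_destination(ad_url)
    shown, actual = hostname(displayed_url), hostname(dest)
    findings = []
    if shown != actual:
        findings.append("displayed domain %s does not match destination %s"
                        % (shown, actual))
    if actual in SHORTENER_HOSTS:
        findings.append("destination %s is a link shortener; the final "
                        "landing page is hidden" % actual)
    return {"destination": dest, "findings": findings}


if __name__ == "__main__":
    result = check_ad_link(SAMPLE_DISPLAYED_URL, SAMPLE_AD_URL)
    print("destination:", result["destination"])
    for finding in result["findings"]:
        print("finding:", finding)
```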

ANALYZING GOOGLE SHORTENED URLS

Google's URL shortener works like any other shortening service such as bit.ly: you enter your URL and it returns a short one. The nice thing about Google's shortener is that it provides analytics, so you can see how a shortened URL is being accessed and how many times.

SO, HOW DO YOU FIND THESE WONDERFUL ANALYTICS?

Just append .info to the end of the shortened URL and you will be taken to a page with the data:

https://goo.gl/UssPDm.info


So we can see that there were 26,812 clicks through this URL, and hovering over the donut chart shows that 11,246 of them were confirmed as coming from Facebook. That is a lot of clicks. The "Unknown" clicks could be browsers that do not pass on the HTTP header information. What we can see in the activity chart is that the campaign only ran for a relatively short period before stopping. In Facebook's defense, this may mean they detected the fraud or that someone reported the ad. It could also mean that the scammer made enough money, hacked enough users and decided to stop the campaign.

We also see that the destination URL (now dead) is:

http://dftrack6.com/?i0g51dkl&s1=sc_hgould_ca_ll

So we do not have enough evidence to prove that this is a fraudulent landing page, but if you look up the domain dftrack6.com you will quickly see that it looks suspicious.

The main point has nonetheless been demonstrated: hackers can create ads that appear to point to legitimate sites, then drive thousands of clicks to their own landing pages and execute malicious code, notes the web security course instructor.

Source: http://noticiasseguridad.com/importantes/asi-se-hackea-usuarios-de-facebook-explotando-sistema-de-publicidad-de-facebook-ads/

The security review: Remtasu and Facebook cheat sheet


From an outbreak of malicious spyware to the UK’s bill on investigatory powers, here’s our comprehensive breakdown of cybersecurity news from the past week.

Remtasu is disguised in Facebook hacking tool

ESET’s Camilo Gutierrez Amaya reported how Remtasu, a well-known piece of spyware that first surfaced almost four years ago, is now appearing disguised as an app for hacking into Facebook accounts. Whereas previous incarnations of Remtasu were spread in email attachments, this strain is coming from direct download sites and is installed when users download and execute the file themselves after seeing adverts for its capabilities. Mr. Amaya noted that “although having security software can help in detecting malicious content, taking care of what you click on will bring further protection against such threats”.

How to isolate VBS or JScript malware with Visual Studio

ESET’s Diego Perez detailed how you can use Microsoft Visual Studio to isolate and debug malware. “This is one of the methods we use at the ESET Laboratory to analyze a file written in JavaScript,” explains Mr. Perez. “Using these processes and tools, we can study each step in a possible malware infection, understand its goals and grab the original code from samples which are strongly obfuscated.”

Facebook security cheat sheet

Social sharing on networking sites has become commonplace, but many users still aren’t fully utilizing Facebook’s security features, and, furthermore, do not understand the implications of sharing personal information publicly online. ESET released its Facebook cheat sheet to coincide with Safer Internet Day detailing how to customize privacy settings and avoid compromising personal information.

Southwest Airlines flight giveaway scams spread on Facebook


Once again Facebook users have been duped into liking and sharing a Facebook page in the belief that they might be rewarded with a first-class plane ticket. A page purporting to be Southwest Airlines received 23,000 shares and 14,500 likes on one such post. “The end result of all these shenanigans, of course, is to trick Facebook users into poor decisions – whether it be taking online surveys which earn affiliate cash for the scammers, signing up for expensive premium rate mobile services, or spamming the unwary with unwanted (and sometimes malicious) messages,” noted security analyst Graham Cluley.

ISC calls for latest draft Investigatory Powers Bill to go further to protect privacy

The Intelligence and Security Committee (ISC) in the UK deemed the latest Draft Investigatory Powers Bill a “missed opportunity” in its latest report. The bill aims to give issues such as mass data collection and hacking by British spies a more comprehensive legal framework, but the ISC stated that it “fails to deliver the clarity so badly needed in this area”.

Cybersecurity e-learning course launches in the UK for HR staff


It was reported that a free online course to help HR professionals deal effectively with cybersecurity issues has been launched in the UK. This comes a year after government statistics found that online security breaches can cost businesses up to $2.1 million. The Minister for Culture and the Digital Economy, Ed Vaizey, stated that “HR professionals handle sensitive personal data so it’s crucial they are able to protect this properly”.

Source: http://www.welivesecurity.com/

Facebook Following NSA Footsteps to Spy on Users: Belgium’s Privacy Advocate


In June this year, we reported how Facebook was sued by Belgium’s Privacy Commission (BPC) for tracking users, including those who never created a profile on the social media site.

Now Frederic Debussere, representative of the Belgian Privacy Commission (BPC), referred in his opening arguments on Monday to Edward Snowden, the famous NSA whistleblower who revealed the NSA’s mass surveillance program.

He said:

“When it became known that the NSA was spying on people all around the world, everybody was upset. This actor [Facebook] is doing the very same thing, albeit in a different way.”

Detailed Analysis:

The BPC accused Facebook of “trampling” over European and Belgian privacy law and brought a lawsuit against the social network.


The details of the alleged breaches by Facebook can be found in a report from the BPC, in which the commission states that Facebook tracked non-users, and users who had already logged out of the site, for advertising purposes.

Reportedly, the BPC is threatening Facebook with a fine of $250,000 per day for not responding to its demands.

The Cookie Aspect:

Facebook has categorically denied the claims and states that the data and information presented by the BPC in its privacy report are false.

According to the Guardian, an official Facebook spokesperson said the social network is determined to “show the court how this technology protects people from spam, malware, and other attacks, that our practices are consistent with EU law and with those of the most popular Belgian websites”.

Moreover, Facebook has repeatedly stated that all of its operations and practices in Europe are audited and overseen by the Irish data protection authority. The headquarters of Facebook’s European branch is also located in Dublin, Ireland.

Paul Lefebvre, a representative of Facebook, said:

“How could Facebook be subject to Belgian law if the management of data gathering is being done by Facebook Ireland and its 900 employees in that country?”

Belgians need not ‘be intimidated’ by Facebook:

The whole of Europe is watching the case intently since data privacy regulators throughout the region, even in the Netherlands, have started to point fingers at the privacy practices of Facebook.

Source: https://www.hackread.com

Hacker pleads guilty in Facebook malware and spam scheme


A New York man has pleaded guilty in federal court to violating an anti-spam law, although his alleged involvement in cybercriminal activity went well beyond sending spam.

Eric L. Crocker, the accused hacker, pleaded guilty to just one charge carrying a maximum penalty under the CAN-SPAM Act of three years in prison and a fine of $250,000.

Crocker was allegedly involved in hacking computers to create an enormous botnet that he maintained for co-conspirators, who used the network of compromised computers to send spam and much more.


Crocker was one of a dozen people arrested in the US in July for their connection with the notorious Darkode cybercrime forum.

According to US Attorney David J. Hickton, of the Western District of Pennsylvania, Crocker used Darkode to market his botnet.

An unidentified co-conspirator paid Crocker and others $200-$300 for every 10,000 computers they infected as part of the botnet, according to the federal indictment.

To build the botnet, Crocker infected victims through Facebook.

As described by law enforcement, Crocker used a “Facebook Spreader” malware called Slenfbot to infect victims via booby-trapped links in Facebook chat messages.

It worked like this: a user became infected after clicking on a link to the malware sent to them via a Facebook message. The malware was then used to send phishing messages to the victim’s friends on the social network.

When those recipients clicked on a link in the message, thinking it was from their friend, they automatically downloaded the malware and so the cycle began again.

Once the malware was on a victim’s computer, the computer became a “bot” that Crocker could control remotely to send further spam.

The Darkode forum, where Crocker allegedly sold his services as “Phastman,” was taken down by the FBI and Europol in July 2015.

Described by the FBI as “the most sophisticated English-speaking forum for criminal computer hackers around the world,” Darkode’s small membership used it as a hub for buying and selling services including malware, zero-day exploits, and botnets.

Members reportedly included some of the Lizard Squad hackers responsible for denial-of-service attacks on Sony and Microsoft.

Source: https://nakedsecurity.sophos.com

Facebook, Twitter, Instagram, YouTube hit by Linux/Moose Malware


ESET researchers caught Linux/Moose, a malware family primarily targeting Linux-based consumer routers, but also known to infect other Linux-based embedded systems. Once infected, the compromised devices are used to steal unencrypted network traffic and offer proxying services for the botnet operator. You can read more on this phenomenon in an in-depth security research paper titled ‘Dissecting Linux/Moose’ now available on ESET Ireland’s blog.

“In practice, these malicious capabilities are used to steal HTTP cookies to perform fraudulent actions on Facebook, Twitter, Instagram, YouTube and other sites, which include generating non-legitimate follows, views and likes. Linux/Moose is a novelty when you consider that most embedded threats these days are used to perform DDoS attacks,” explains Olivier Bilodeau, Malware Researcher at ESET.


What’s more, according to ESET researchers, this type of malware has the capabilities to reroute DNS traffic, which enables man-in-the-middle attacks from across the Internet. Moreover, the threat displays out-of-the-ordinary network penetration capabilities compared to other router-based malware. Moose also has DNS hijacking capabilities and will kill the processes of other malware families competing for the limited resources offered by the infected embedded system.

“Considering the rudimentary techniques Moose employs to gain access to other devices, it seems unfortunate that the security of embedded devices doesn’t seem to be taken more seriously by vendors. We hope that our efforts will help to better understand how the malicious actors are targeting their devices,” concludes Bilodeau.

ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company continues to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin “VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organizations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries. More information is available from the ESET Press Center.

Source: http://www.informationsecuritybuzz.com/

Two million stolen Facebook, Twitter, Yahoo, ADP passwords found on Pony Botnet server


Since the source code for the Pony Botnet Controller was leaked, Trustwave’s SpiderLabs has been tracking the beast with much fascination.

Interest turned to stunned surprise when the researchers uncovered a Pony Botnet server stabling over two million account credentials and passwords for Facebook, Yahoo, Google, Twitter, LinkedIn, Odnoklassniki (the second largest Russian social network site) and more.

Contrary to what some news outlets are reporting, SpiderLabs said that the victims' locations are global (not just the Netherlands).

SpiderLabs explained that they could not identify a targeted country because the attacker used a proxy server based in the Netherlands to route the outbound traffic through an NL address (making it look as though there are 1,049,879 victims in the Netherlands).

The researchers wrote in Look What I Found: Moar Pony!:

(…) most of the entries from NL IP range are in fact a single IP address that seems to have functioned as a gateway or reverse proxy between the infected machines and the Command-and-Control server, which resides in the Netherlands as well.

This technique of using a reverse proxy is commonly used by attackers in order to prevent the Command-and-Control server from being discovered and shut down–outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down.

While this behavior is interesting in-and-of itself, it does prevent us from learning more about the targeted countries in this attack, if there were any.

The ninth top domain from which passwords were stolen was Automatic Data Processing, Inc. (ADP), which is one of the largest providers of payroll services to most Fortune 500 businesses and at least 620,000 business organizations worldwide.

In Look What I Found: It’s a Pony!, SpiderLabs explained:

Pony’s main business still remains theft: stolen credentials for websites, email accounts, FTP accounts, anything it can get its hands on- grabbed and reported back home.

The researchers describe the Pony Botnet Controller as “a particularly diligent” botnet controller that steals hundreds of thousands of credentials from its victims “within a few days” of infection.

In their initial June 30 Pony Botnet discovery, SpiderLabs found 650,000 stolen website credentials, including approximately 90,000 Facebook accounts, 25,000 Yahoo accounts and 20,000 credentials for Google accounts.

SpiderLabs wrote that this week’s Pony Botnet Controller discovery was not a hit-and-run, as previously encountered, but instead was a steady and ongoing ‘revenue’ delivery system.

SpiderLabs tallied:

~1,580,000 website login credentials stolen

~320,000 email account credentials stolen

~41,000 FTP account credentials stolen

~3,000 Remote Desktop credentials stolen

~3,000 Secure Shell account credentials stolen

Pony Botnet is a very powerful type of spyware/keylogger malware with – as you can surmise – some pretty dangerous features. It captures a user’s sensitive data from all kinds of applications.

Notably, the trojan recognizes Chrome, Firefox, Opera, Internet Explorer, CyberDuck (and a huge range of FTP applications), Dreamweaver, Windows Mail, Outlook, Rockmelt, and more.

Fun fact: The Pony Botnet Controller’s icon is not any of the My Little Pony characters, as some might have assumed – instead it’s the Candy Corn Foal from Zynga’s Facebook game Farmville.


Ana Bella
Instituto Internacional de Seguridad Cibernética
International Institute of Cyber Security
http://www.iicybersecurity.com