Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Fake Page Injection Targets Facebook Users

Trusteer : 04 April, 2012  (Technical Article)
Ice IX Malware exploits the popularity of Facebook to redirect users to a fake page for performing credit card fraud
Fake Page Injection Targets Facebook Users
Trusteer researchers have discovered a new configuration of the Ice IX malware that attacks Facebook users after they have logged in to their account and steals credit card and other personal information. Trusteer even discovered a “marketing” video used by the creators of the malware to demonstrate how the web injection works.

The global reach and scale of the Facebook service has made it a favourite target of fraudsters. Trusteer recently wrote about criminals stealing e-cash vouchers from Facebook users and selling bulk Facebook login credentials.

This latest attack uses a web injection to present a fake web page in the victim’s browser. The form requests the user provide their cardholder name, credit/debit card number, expiry date, CID and billing address. The attackers claim the information is needed to verify the victim’s identity and provide additional security for their Facebook account.

For anyone who believes the cybercrime economy lacks the sophistication of the legitimate economy, the following marketing video provides conclusive evidence that it does not. Trusteer discovered this video circulating in underground forums. It demonstrates in step by step fashion a webinject cycle performed to attack Facebook users.

The video begins at the Facebook logon page with the criminal logging-in to a Facebook account.

Next, the video demonstrates the pop up created by the webinject that is being offered for sale. This pop up presents virtually the same message used in the Ice IX configuration Trusteer researchers discovered and analyzed. The only difference is the version in the video requests a social security number and date of birth, in addition to the information mentioned earlier. In the video, the criminal fills out the fields.

Finally, the information entered in the pop up is shown being delivered to the fraudster's messenger application.

“This video illustrates the seamless sophistication of pre-built webinjects that are readily available for purchase on the internet,” said Trusteer CTO Amit Klein. “It also demonstrates how accomplished criminals are at marketing their malware products. Most of all, this attack highlights how fraudsters are branching out from their ‘bread and butter’ online banking schemes into lateral applications with much larger user populations. By attacking Facebook and other ubiquitous social networks fraudsters can tap a massive pool of victims. They can also use the information harvested from social network users to perpetuate fraud on multiple in fronts including online banking, retail, and even to penetrate enterprise and government networks.”

Trusteer contacted Facebook to advise them that they would be mentioned in this blog. Facebook requested that they pass on some information about their site’s security measures. Here’s a summary of their response:

i) Facebook actively detects known malware on users' devices to provide Facebook users with a self-remediation procedure including the Scan-And-Repair malware scan. To self-enroll in this check point please visit – on.fb.me/AVCheckpoint

ii) Please advise your readers to report to Facebook any spam they find on the Facebook site, and remember Facebook will never ask for your credit card, social security, or any other sensitive information other than your username and password while logging in.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo