Facebook Password Reset (Virus)

I received an email that claims to be from Facebook (it’s a forged email). The email is designed to trick people into opening the attachment. Here’s what the it says,

Hey [name removed],

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
The Facebook Team

There’s another version some people have received that is similar but has a different introduction and sign off,

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
Your Facebook

Both of these emails come with a virus attached. And neither of these emails were actually sent from Facebook. In fact, Facebook had absolutely nothing to do with it, the scammers just mention the word to encourage people to open the attachment.

So as always, be suspicious of unsolicited emails, and be suspicious of attachments you didn’t ask for.

Passwords Compromised on JIRA, Bugzilla & Confluence

If you are a user of the Apache hosted JIRA, Bugzilla, or Confluence, a hashed copy of your password has been compromised. There was a targeted attack on these systems on the 9th April 2010.

These are services used by developers, most “normal” people would not have accounts on these services. If you do use these services please read the full incident report here.

Facebook Un Named App

Here’s a combined hoax and malware. Let’s start from the beginning.

People have been posting notes on Facebook about something called “un named app”. It tells you to remove something from Facebook. It’s a hoax. Don’t believe what it says, don’t follow the instructions, and don’t pass it on.

Below are some quotes of the hoax:

ALERT >>>>> Has your facebook been running slow lately? Go to “Settings” and select “application settings”, change the dropdown box to “added to profile”. If you see one in there called “un named app” delete it… It’s an internal spybot. Pass it on

this is real.. i checked and found this app and deleted it… hopefully, my facebook will run better now.

Cannot believe how much quicker mine is running after doing this….

I don’t have this app on my Facebook account but if you do, don’t worry. It’s a normal part of Facebook and you shouldn’t delete it.

Now the second part of this hoax is a real trojan. If you go to Google and search for “facebook unnamed app” you’ll see quite a few results. Some of these results are fake antivirus programs.

A fake antivirus program is actually a trojan. It pretends to scan your PC and quietly installs malware in the background. It goes under the name of Security Tool, it has a fancy detection screen and everything. But it’s definitely bad.

The rule of thumb is that if a web page tells you that your PC might be infected, don’t trust it. Go and get your own antivirus program, not something that pops up on your screen (see here for a good free antivirus program).

There’s a lot to learn here. Basically, be careful who you trust. These days scammers have to trick you into installing malware and they’re good at it (it’s called social engineering).

Common Passwords

Security companies sometimes get to analyse real people’s passwords and create interesting reports. Imperva has just done that, analysing 32 million passwords used on the Rockyou.com site (which was recently hacked).

Below is a summary of their findings. Why is this important to you? Because it means that statistically, you probably have a weak password that can be guessed.

• 41% of passwords only use lower case letters (weak)
• 15% of passwords only user numerals (even weaker)
• Nearly 50% of people used names, slang words, dictionary words or trivial words as their passwords. These can be guessed in seconds by a “brute force” program.

The ten most common passwords were:

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123

If you use any of these as your password then change it now, it’s too easy to guess, especially now that everyone can see this list.

For tips on how to choose a good password read our previous article. And here are some tips on testing how good your password is.

Imperva’s complete report is here. It’s full of interesting technical details on what they found and what the risks are.

IE6

Internet Explorer 6 is still used in many large organisations. It’s because large organisations invest heavily in technology then expect to keep using it for many years to increase their returns on investment. Usually their internal programs won’t work on newer browsers, and it’s a major task to upgrade them.

But Internet Explorer 6 (IE6) is quite old and very vulnerable to being hacked. It’s so vulnerable that it’s the main (technical) cause of the recent hack attack by China against Google (read here). In short, it seems that the Chinese government (or agents working on their behalf) hacked certain people’s Google accounts. They were able to do this because these people weren’t using the latest version of Internet Explorer.

So any organisation that refuses to upgrade to the latest version of Internet Explorer is also at risk.

Microsoft have made an official statement that IE6 is vulnerable and they want everyone to upgrade to the latest version.

Update: The Australian Government has also asked people to stop using IE6.

Update 2: Microsoft has made a patch available to all IE6 users to fix the problem. Download it from here.

BitLocker Can Be Cracked

Microsoft make an encryption system called BitLocker, it encrypts hard drives so that it’s impossible to access any files without the key. Top level security.

That was true until now. Passware are a company that recently released new tool that cracks this BitLocker security. The way it works is complicated and someone would need physical access to the computer.

So if you rely on Passware for security life is suddenly more complicated. The best you could do is to also concentrate on the physical security of your computers.

More details here and here.

iPhone Viruses

A lot has happened in the past week with iPhones. First let me explain what “jail breaking” means.

iPhones have some security built-in, courtesy of Apple. This security’s main purpose is to let Apple decide what you can and can’t do with the phone. For example, you can buy and install an approved program, you can’t install a hacked program.

Now there are plenty of people in the world who want to use their iPhones in ways not sanctioned by Apple, such as using it on a non approved network or running non approved programs. So these people remove this layer of security. This is known as “jail breaking”.

Now for a summary of what’s happened recently:

First, there was a practical joke called “rickrolling” – some people found their phone’s wallpaper (background image) changed to a photo of the singer Rick Astley. It was a practical joke, harmless.

How were these phones hacked? Someone wrote a program that looks on the internet for vulnerable iPhones and installs this wallpaper, then the program copies itself to that phone and does the same thing to others. (More details here)

It only affected some jail broken phones. People were told that it’s nothing to worry about.

Then a couple of days later someone else took this idea and wrote a malicious version that works the same way. Again, only some jail broken phones are vulnerable. Except this time instead of being a practical joke it steals personal data.

It connects to a server in Lithuania and lets hackers connect to the phone and do what they want (such as stealing passwords and reading SMS’s). This is bad.

How can you protect your iPhone?

• Firstly, if you don’t jailbreak your phone you have nothing to worry about.
• If you do jailbreak your phone you need to change a special password that’s built into the phone. The password is usually “alpine” – you can’t see this password unless you know what you’re doing but it’s there and it needs to be changed. There are instructions here on how to do this.

Summary

An iPhone is a “smartphone”, meaning that it basically works like a computer and it has an internet connection just like a computer. And like computers it can be hacked and can get viruses. Apple goes to a lot of trouble to make sure everything works well (it’s in their best interest to deliver a quality product) so people who go about circumventing the device’s security are taking a great risk.

130 Million Credit Cards

There’s an interesting news article here about someone who stole 130 million credit card numbers and was later arrested for it. The interesting points are:

• 130 million is a large number. How many people like in your city? Or country? He operated in the USA, and I don’t have any stats on how many credit cards there are in USA but it’d be somewhere around half of all credit cards. The more you think about this the less secure you’ll feel about your own credit card number.
• All this data was sold to hackers in various cities countries (California, Illinois, Latvia, the Netherlands and Ukraine). So even though he was arrested the data’s been compromised already.
• There’s nothing you or I could have done to protect ourselves from people like this. He stole the numbers from businesses (such as restaurants) that store the numbers on their databases, not from people’s home computers.
• He wasn’t a sophisticated hacker, he just looked for businesses with wireless networks and weak security (read here on how to secure a wireless network the right way) and installed malware to do the work.

Businesses should be doing more to keep their data safe. A lot of the time they just don’t have the skills or budget to spend on network security (especially non-technology businesses such as restaurants). Yet there’s a moral obligation to do so. What can we do about that?

You should also be watching your own credit card accounts regularly.  Internet banking makes it easy to check your account details every couple of nights from home. By doing so you’ll notice compromised accounts early and can get the card cancelled. Just make sure your computer is safe when you log onto internet banking sites (read here and here for some good tips).

The full article on this incident is here. It’s a bit long but an interesting read.

Recovering Compromised Facebook Accounts

Accounts are often hacked, including Facebook accounts. Too many times people fall for scam emails telling them to (urgently) click on a link and type in their password. Too many times people don’t know how to tell the difference between the real Facebook login page and one made by a scammer (read here for some hints).

And when an account does become compromised and hacked, the scammers usually use it to send out spam. Then it can be difficult for people like you to get that account back.

Facebook has given this problem some thought and added a way to recover a compromised account. They will send you an email and ask you to verify your account. Then on their web site they’ll ask you some security questions and ask you to change your password.

There’s more info here.

Next Page →

• About

  Read the latest articles shown on the left, and use the options below to search for past articles. FraudO.com is committed to educating all users on the dangers of the internet and how to avoid them.

• Email Subscription

  Enter your email address:

  Delivered by FeedBurner

• Sponsored Ads:

  • Anastasia International Scam

• Recently Written

  • Emails That Ask You To Run An Attachment
  • Fake Virus Scan
  • Smileworld Scam
  • Infected Samsung S8500 Wave SmartPhones
  • Facebook Password Reset (Virus)
  • Free $1000 Ikea Gift Card Scam
  • Phishing emails from Skype
  • Passwords Compromised on JIRA, Bugzilla & Confluence
  • Admin update
  • McAfee Stinger
  • Another Scam Job
  • ICS Monitoring Team
  • Facebook Groups And Toolbars
  • An Interview with a Nigerian Internet Scammer
  • Fake CUA Email

• Categories

  • Admin
  • Antivirus
  • Backups
  • Fraud
  • General
  • hoax
  • Identity Theft
  • Malware
  • News/Media
  • Phishing
  • Privacy
  • Scams
  • Security
  • Software
  • Statistics
  • Uncategorized

• Archived Articles

  Select Month July 2010  (2) June 2010  (2) April 2010  (5) March 2010  (3) February 2010  (5) January 2010  (11) December 2009  (1) November 2009  (2) October 2009  (4) September 2009  (10) August 2009  (9) July 2009  (7) June 2009  (20) May 2009  (15) April 2009  (12) March 2009  (10) February 2009  (14) January 2009  (10) December 2008  (10) November 2008  (3) October 2008  (7) September 2008  (5) August 2008  (11) July 2008  (17) June 2008  (8) May 2008  (17) April 2008  (23) March 2008  (22) February 2008  (20) January 2008  (31) December 2007  (17) November 2007  (21) October 2007  (11) September 2007  (5)

• Affiliates

• Spam Blocked

  32,952 spam comments blocked by
  Akismet

• Stats