17 Aug
Article from Rik Ferguson
Filed under: Opinion, Phishing, Web 2.0 | Tags: Facebook, password, Phishing, web | 12 Comments
UPDATE: Two further rogue applications have been identified as part of this scam; see the latest blog article.
A rogue Facebook application appears to be sending notifications that lead users to a credential harvesting site.
Prospective marks receive a Facebook notification that a user has commented on one of their posts. The notifications appear to come from an application called “sex sex sex and more sex!!!” which, despite sounding shady and looking a bit of a mess, still boasts over 287000 fans.
The hyperlinks in the notification both lead to a malicious website hosted on the fucabook.com domain (note that the user name itself does not link back to a profile). The server at fucabook.com loads a piece of JavaScript, then immediately uses HTTP meta refresh tags to pull up the real Facebook website and prompt the victim for their login credentials.
Always check the URL displayed in your browser’s address bar before entering any sensitive information. Also check the true destination of a link before clicking it, by hovering your mouse pointer over it. If it looks suspicious, don’t click it. Also, if you’re a Facebook user, now would be a good time to go and review your privacy settings and clear out any applications you no longer use.
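The two checks described above can be automated. The following is an added example, not code from the original article: it flags notification links whose domain is a near miss of facebook.com, and flags a page on an untrusted domain that meta-refreshes to the real site. The trusted-domain list, the edit-distance threshold of 2, and the sample markup and URL paths are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED = {"facebook.com"}  # assumption: domains a genuine notification links to

def base_domain(url):
    """Naive registrable domain: last two host labels (no public-suffix list)."""
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

class PageScan(HTMLParser):
    """Collects <a href> targets and <meta http-equiv="refresh"> destinations."""
    def __init__(self, html):
        super().__init__()
        self.links, self.refresh = [], []
        self.feed(html)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content has the form "0;url=http://host/path"
            self.refresh.append((a.get("content") or "").partition("=")[2].strip(" '\""))

def lookalike_links(html, max_dist=2):
    """Links on an untrusted domain within max_dist edits of a trusted one."""
    return [u for u in PageScan(html).links
            if (d := base_domain(u)) and d not in TRUSTED
            and any(edit_distance(d, t) <= max_dist for t in TRUSTED)]

def bounces_to_trusted(served_from, html):
    """True if a page on an untrusted domain meta-refreshes to a trusted one."""
    return base_domain(served_from) not in TRUSTED and any(
        base_domain(u) in TRUSTED for u in PageScan(html).refresh)

# Constructed samples modelled on the post's description; URL paths are invented.
NOTIFICATION = ('<a href="http://www.fucabook.com/c">commented on your post</a> '
                '<a href="http://www.facebook.com/home.php">Home</a>')
LANDING = ('<script src="x.js"></script><meta http-equiv="refresh" '
           'content="0;url=http://www.facebook.com/login.php">')
```

`lookalike_links(NOTIFICATION)` returns only the fucabook.com link, and `bounces_to_trusted("http://www.fucabook.com/c", LANDING)` is true because an untrusted host hands the visitor to the genuine login page.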
The attack site is registered to an Arsen Tumanyan, who allegedly resides in Armenia. The domain is registered through GoDaddy, and the URL leads to an IP address that resolves to the Amazon Elastic Compute Cloud (EC2).