BitDefender Says Facebook Hacker: A Do-It-Yourself Kiddie Script Is On The Loose!

image We live in a do-it-yourself world. We’re encouraged to renovate our own homes, repair our own cars, publish our own newsletters, and more; all without the support of paid professionals. It’s fair to say, that we are immersed in a DIY culture.

Not surprisingly then, if you want to create your own malware that will allow you to steal passwords, drop viruses, worms, adware, and Trojans, on innocent people’s computers, you’ll find a DIY culture on the Internet ready to help with a wealth of do-it-yourself malware kits.

The latest, so called Kiddie Script scourge, recently discovered by BitDefender, is Facebook Hacker – identified by BitDefender as Trojan.Generic.3576478.

Using this highly sophisticated do-it-yourself kit, there is no need for amateur cyber- crooks to be familiar with the intricacies of coding, or programming. In the image below, you can see just how easy it is to create malware that can have devastating impact on a victim’s computer. All of this without having to have any hacking skills, or programming knowledge.

According to BitDefender, Facebook Hacker is an application driven by a point and click interface, making it dead easy to construct malware designed to steal login credentials.

As the screen shot shows, there are only three fields that need completion – a disposable e-mail address, a password, and a target.

After clicking the “build” button, a server.exe file is created and deposited into the Facebook Hacker folder along with the initial files. This newly created malware (server.exe), is now ready to do its dirty work.

Here’s how BitDefender describes a Facebook Hacker attack:

Once run, the malicious tool will snatch the victim’s Facebook account credentials, along with all the usernames and passwords that we carelessly ask the browser to remember for us.

In order to successfully collect passwords, the malicious binary includes applications able to squeeze data out of the most popular browsers on the market, as well as of almost all instant messaging clients available.

To add insult to injury, the application also enumerates all dialup/VPN entries on the computer and displays their logon details: User Name, Password, and Domain.

To avoid detection, the Facebook Hacker will look for processes related to a security suite and kill them upon detection. It is important to mention that it is accessorized with a hard-coded list of processes associated with AV solutions that are to be checked and stopped, if found.

Last but not least, the piece of malware looks for network monitoring applications and terminates them. This is a safety measure that will prevent curious users from seeing their passwords leave the system.

In case you might think that this type of do-it-yourself malware creation kit is a new or an unusual phenomenon; it isn’t. Downloadable malicious programs, such as this, have been available for some time.

Some well known examples we’ve covered here in the past include, T2W – Trojan 2 Worm (Constructor/Wormer) – Script Kiddie Paradise, Constructor/YTFakeCreator – A New Kiddie Script/Malware Downloader, and BitTera.C – DIY Malware Creator for Script Kiddies.

These applications are so sophisticated, that even advanced computer users, and business networks, have been successfully penetrated by amateur cyber-criminals using these malicious tools.

Curious as to why these kits are free and downloadable on the Internet? Well, the accepted view is  – “real” cyber-crooks create these free “services” in order to create a market for their pay services – more sophisticated malware creation tools, often customized to the user’s needs.

Regular readers of this Blog are very familiar with the following tips, but they are worth repeating, which offer a substantial level of protection against attacks created by malicious applications that are currently flooding the Internet.

Do not click on unsolicited invitations to download software of any kind.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a website designed to download malware onto your computer.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

Never click on embedded cell phone links.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Keep your computer protected. Install a security solution and keep it up-to-date.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under BitDefender, cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Security Alerts, Kiddie Script, Malware Advisories, System Security, Viruses, Windows Tips and Tools, worms, WOT (Web of Trust)

5 responses to “BitDefender Says Facebook Hacker: A Do-It-Yourself Kiddie Script Is On The Loose!

  1. Pingback: The Teenage Hacker – Fact Or Myth? « Bill Mullins' Weblog – Tech Thoughts

  2. ROFL!

    I’ll email you info on this “recently discovered by BitDefender” thing dating back months, Bill.

    Putting “latest scourge” spin (advertising BS ?) on old news is really scraping the bottom of the barrel!

    • On Wed, Aug 18, 2010 at 8:17 PM, Bill Mullins wrote:

      Hey Rod,

      I look forward to that.

      Curious thought, since the email from BitDefender just yesterday, reads in part – “Wanted to give you a quick heads up on a new multi-stage attack tool Facebook Hacker which is a quick do-it-yourself kit for stealing login and credentials.”

      As well, Softpedia, and Net-Security.org, reported on this same issue just today.

      Bill

  3. Pingback: Anonymous

  4. Pingback: Malware Attacks – How Much Disclosure Are You Entitled To? « Bill Mullins' Weblog – Tech Thoughts