Tag Archives: Facebook Hacker

Malware Attacks – How Much Disclosure Are You Entitled To?

image I’m an advocate of full disclosure. I demand transparency (not always successfully), in every area that has the potential to impact my life at any level. Period.

Since cyber crime has the potential to affect me at a fundamental level, I expect that every aspect of all security vulnerabilities will be released by those you have access to this information. I’d be surprised if you felt differently.

As a reputable Blogger, I’m regularly updated by many of the leading security developers on recently discovered or pending security issues, so that my readers can stay current with changing malware conditions.

In fact, the objective of my Tech Thoughts Daily Net News column, is to do just that – notify readers of a seemingly never ending list of new security issues, as quickly as possible.

From time to time though, a security issue needs to be explained more fully. As an example, last week, BitDefender let me know of a so called Kiddie Script – Facebook Hacker, which can be used by amateur cyber crooks to construct malware designed to steal login credentials.

Based on the available information, I wrote an article “BitDefender Says Facebook Hacker: A Do-It-Yourself Kiddie Script Is On The Loose!” Not the first time, I might add, that I’ve reported on the availability of Kiddie Scripts, and the impact such freely available hacking tools can have on unwary Internet users.

I was not alone in reporting on this issue. Other tech sites that reported on Facebook Hacker included; hackinthebox, softpedia, itbusinessedge and techworld. As well, scores of prominent tech news aggregators, linked back to BitDefender’s original Blog post on this issue.

Imagine my surprise then, when I received a series of emails from a security developer executive, who argued that BitDefender, and by extension, me, had broken some sort of hidden rule – that it’s better to keep computer users in the dark with respect to certain security threats.

I must admit, I was taken aback by the implication that by reporting on Facebook Hacker, I was now part of the malware problem, and not part of the solution.

I’m on the far side of 50, and I’ve been at this game a very long time, so an insinuation that suddenly I’m part of the malware problem, definitely provoked a slow burn. Nevertheless, I was prepared to let this go. But, a security developer who can’t allow an alternative opinion, suggests a deeper issue exists.

Keeping computer users in the dark, at least in this security developer’s opinion, is less harmful than letting computer users know what they’re really facing in their increasingly difficult battle to stay safe against cyber criminals.

The gist of his argument was this – BitDefender, and again by extension, me, by reporting on Facebook Hacker, had told “every dickhead in the world where to find it.” So, I should have kept you in the dark.

Conveniently, the fact that  a Google search on “Facebook Hacker”, returns 24,900,000 results was not mentioned.

Curiously, in one email the following observation was made –

Until a couple of days ago Facebook Hacker was a low key (almost unknown, in fact) problem because very few people knew it existed….

Thanks to recent publicity there are now 34 anti-malware programs detecting the original … up from 20 a couple of days ago … up from a mere handful a couple of months ago.

So, you’d think that would be the end of the argument – that reporting on this issue was the right thing to do, since more antimalware applications are now  detecting malware produced by this kit – but no.

There was a further point that had to be made. One which negated the value of shining the light on this security threat.

If the grubs stay true to form there will almost certainly be more “upgrades” in the pipeline, and unlike the original which had limited distribution, a relatively minor payload, and little chance of success because most people aren’t silly enough to run an unsolicited email attachment, some of those “upgrades” might hit the mainstream as undetectable autorunners carrying vicious payloads.

Irresponsible “disclosures” telling perps where to download live malware ALWAYS do more harm than good!

Two questions need to be answered here:

First: What’s the point in paying for antimalware software unless there’s an implied agreement that the security vendor will do all that is necessary to seek out, and identify harmful threats, and develop an appropriate defense against these threats?

In this particular instance, that doesn’t seem to have been the case. Why did it take “recent publicity” before additional antimalware programs began detecting this malware?

Second: Why would cyber criminals need me, or anyone else for that matter, to point them to malware creation tools? The fact is, the Internet is awash in hacker sites. Pointing out that fact, was part of the purpose in writing the article.

I’ll restate my view, as I expressed it, in replying to these emails –

Being aware of danger is a prerequisite to preparing a defense against the danger. No, I’m definitely on the other side of the fence on this one. I expect full disclosure and access to information, not only in this type of situation, but in all areas where the information is required for me to adequately assess an issue.

I have a problem with anyone who sets themselves up as a arbitrator of what’s in my best interest. I don’t think I’m alone in recognizing that withholding information is rarely, if ever, in the public interest.

Do you see the value in full disclosure? Do you agree that antimalware vendors have an obligation to release information on threats that potentially can impact your Internet safety?

Or, would you rather remain unaware of existing, or impending security threats, and just take your chances with remaining malware free?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

25 Comments

Filed under Bill's Rants, blogging, cybercrime, Internet Security Alerts, Point of View, Tech Net News

BitDefender Says Facebook Hacker: A Do-It-Yourself Kiddie Script Is On The Loose!

image We live in a do-it-yourself world. We’re encouraged to renovate our own homes, repair our own cars, publish our own newsletters, and more; all without the support of paid professionals. It’s fair to say, that we are immersed in a DIY culture.

Not surprisingly then, if you want to create your own malware that will allow you to steal passwords, drop viruses, worms, adware, and Trojans, on innocent people’s computers, you’ll find a DIY culture on the Internet ready to help with a wealth of do-it-yourself malware kits.

The latest, so called Kiddie Script scourge, recently discovered by BitDefender, is Facebook Hacker – identified by BitDefender as Trojan.Generic.3576478.

Using this highly sophisticated do-it-yourself kit, there is no need for amateur cyber- crooks to be familiar with the intricacies of coding, or programming. In the image below, you can see just how easy it is to create malware that can have devastating impact on a victim’s computer. All of this without having to have any hacking skills, or programming knowledge.

According to BitDefender, Facebook Hacker is an application driven by a point and click interface, making it dead easy to construct malware designed to steal login credentials.

As the screen shot shows, there are only three fields that need completion – a disposable e-mail address, a password, and a target.

After clicking the “build” button, a server.exe file is created and deposited into the Facebook Hacker folder along with the initial files. This newly created malware (server.exe), is now ready to do its dirty work.

Here’s how BitDefender describes a Facebook Hacker attack:

Once run, the malicious tool will snatch the victim’s Facebook account credentials, along with all the usernames and passwords that we carelessly ask the browser to remember for us.

In order to successfully collect passwords, the malicious binary includes applications able to squeeze data out of the most popular browsers on the market, as well as of almost all instant messaging clients available.

To add insult to injury, the application also enumerates all dialup/VPN entries on the computer and displays their logon details: User Name, Password, and Domain.

To avoid detection, the Facebook Hacker will look for processes related to a security suite and kill them upon detection. It is important to mention that it is accessorized with a hard-coded list of processes associated with AV solutions that are to be checked and stopped, if found.

Last but not least, the piece of malware looks for network monitoring applications and terminates them. This is a safety measure that will prevent curious users from seeing their passwords leave the system.

In case you might think that this type of do-it-yourself malware creation kit is a new or an unusual phenomenon; it isn’t. Downloadable malicious programs, such as this, have been available for some time.

Some well known examples we’ve covered here in the past include, T2W – Trojan 2 Worm (Constructor/Wormer) – Script Kiddie Paradise, Constructor/YTFakeCreator – A New Kiddie Script/Malware Downloader, and BitTera.C – DIY Malware Creator for Script Kiddies.

These applications are so sophisticated, that even advanced computer users, and business networks, have been successfully penetrated by amateur cyber-criminals using these malicious tools.

Curious as to why these kits are free and downloadable on the Internet? Well, the accepted view is  – “real” cyber-crooks create these free “services” in order to create a market for their pay services – more sophisticated malware creation tools, often customized to the user’s needs.

Regular readers of this Blog are very familiar with the following tips, but they are worth repeating, which offer a substantial level of protection against attacks created by malicious applications that are currently flooding the Internet.

Do not click on unsolicited invitations to download software of any kind.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a website designed to download malware onto your computer.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

Never click on embedded cell phone links.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Keep your computer protected. Install a security solution and keep it up-to-date.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under BitDefender, cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Security Alerts, Kiddie Script, Malware Advisories, System Security, Viruses, Windows Tips and Tools, worms, WOT (Web of Trust)