Kullanıcı1233
Kıdemli Üye
- 19 Tem 2011
- 4,371
- 12
Hackers spammed Facebook timelines and newsfeeds with malicious malware that spread *****graphic videos and images.
The attack left hundreds of social media users in India red-faced as they had to clarify it to their friends that they hadnt sent the message.
On Wednesday, majority of social media users in India refrain from using their FB accounts simply because they were scared that the X-rated material would attack their posts and messages.
The cybercrime cell of Agra Police firstly spotted the attack and claimed that it was triggered by a virus that belonged to the Kilim malware family. The same virus has caused such incidents all over the world.
Nitin Kasana, in-charge at the cybercrime cell, said that the attack began with a message on social media which stated watch urgent, because it is your video. Every time someone clicked on the link, their entire timeline and inbox was spammed with *****graphic material.
Kasana further added that the message also included a shortened ow.ly link, which took victims to a fake Amazon Web Services page. This in reality was a malicious website that was was used by crooks to verify the platform used by the victim, such as the desktop computer or mobile phone, and direct them to a different path depending on their machine.
Kasand revealed that Mobile users were redirected to affiliate pages that contain various offers, while desktop users were asked to download a file from a folder containing the malware. The file pretended to offer a collection of *****graphic videos. The malicious file was a downloader for the Facebook worm, which comes in the form of a Chrome extension and additional binaries. The last part of the attack was to spread among the victims Facebook friends, by sending the lure message.
Naturally, the attack embarrassed users to a great extent as many called their friends and relatives immediately to clarify about the message and to warn them to not click on the link or images present in the malicious message.
One of the affected Facebook users, Atul Verma, stated: I had to call and message over 50 people to inform them that my account has been hacked. I requested them not to open any files containing weird links. It was disgusting.
Cybersecurity expert Rakshit Tandon warned users and said: One should be extremely careful and inspect any link, specially shortened URLs, before clicking on them. Several thousands of Facebook accounts were subjected to the spam attack globally, including some parts of India, via porn malware, which unleashed massive quantities of violent and *****graphic images across users newsfeeds.
Tandon suggests that it was possible to a**** these kinds of attacks by immediately changing social network password, removing any or all unnecessary extensions from web browser and removing all Facebook apps on Facebook. He added: Finally, every user should mark unknown links as spam, so that Facebook can take it down automatically.
OUR THREAT REPORT ON KILIM MALWARE FAMILY:
Not so long ago we at HackRead reported about the Kilim malware family. We also urged users to be careful about two active malware threats on the Facebook. One was about Google Chrome Video Installer the other about a Facebook worm infecting users computers through Ow.ly link (URL shortening service).
Both of these threats are still active and operated though Kilim malware family.
THE INFAMOUS LINK:
When a Facebook user clicks on the infamous Ow.ly link that promises *** photos of teen girls in school, it redirects immediately to an Amazon Web Services page and later the user gets redirected to a compromised Box website. The function of this website is to inspect the users system. Users are then prompted to download a file and when it is installed the system gets infected instantaneously leading to the download of the worm. It then spreads the Ow.ly link to all contacts of the user on Facebook.
Segura explained the modus operandi of this attack pretty comprehensively in his post. He says: These offers usually end up being bogus apps or surveys. The file hosted on Box is trimmed down to a minimum size and its only purpose is to download additional components.
This is typically done to a**** initial detection, but also to allow the bad guys to update the backend code on the server so that the trojan downloader can retrieve the latest versions of each module. After the additional components are downloaded (Chrome extension, worm binary) they are installed on the machine and simply wait for the user to log into Facebook.
However, users who have clicked on the link via their mobile are taken to an offer page based on their geographic ******** and language.
Both the Facebook and Box are aware of the attack and the threat of this worm. For addressing this issue, Box is eliminating sharing privileges and deleting files from malicious accounts and is regularly performing security checks by scanning for viruses.
Conversely, Facebook is collaborating with the companies that have been targeted by attackers and the social media giant has blocked associated link as well as stopped the links from being spread on its platform.
The attack left hundreds of social media users in India red-faced as they had to clarify it to their friends that they hadnt sent the message.
On Wednesday, majority of social media users in India refrain from using their FB accounts simply because they were scared that the X-rated material would attack their posts and messages.
The cybercrime cell of Agra Police firstly spotted the attack and claimed that it was triggered by a virus that belonged to the Kilim malware family. The same virus has caused such incidents all over the world.
Nitin Kasana, in-charge at the cybercrime cell, said that the attack began with a message on social media which stated watch urgent, because it is your video. Every time someone clicked on the link, their entire timeline and inbox was spammed with *****graphic material.
Kasana further added that the message also included a shortened ow.ly link, which took victims to a fake Amazon Web Services page. This in reality was a malicious website that was was used by crooks to verify the platform used by the victim, such as the desktop computer or mobile phone, and direct them to a different path depending on their machine.
Kasand revealed that Mobile users were redirected to affiliate pages that contain various offers, while desktop users were asked to download a file from a folder containing the malware. The file pretended to offer a collection of *****graphic videos. The malicious file was a downloader for the Facebook worm, which comes in the form of a Chrome extension and additional binaries. The last part of the attack was to spread among the victims Facebook friends, by sending the lure message.
Naturally, the attack embarrassed users to a great extent as many called their friends and relatives immediately to clarify about the message and to warn them to not click on the link or images present in the malicious message.
One of the affected Facebook users, Atul Verma, stated: I had to call and message over 50 people to inform them that my account has been hacked. I requested them not to open any files containing weird links. It was disgusting.
Cybersecurity expert Rakshit Tandon warned users and said: One should be extremely careful and inspect any link, specially shortened URLs, before clicking on them. Several thousands of Facebook accounts were subjected to the spam attack globally, including some parts of India, via porn malware, which unleashed massive quantities of violent and *****graphic images across users newsfeeds.
Tandon suggests that it was possible to a**** these kinds of attacks by immediately changing social network password, removing any or all unnecessary extensions from web browser and removing all Facebook apps on Facebook. He added: Finally, every user should mark unknown links as spam, so that Facebook can take it down automatically.
OUR THREAT REPORT ON KILIM MALWARE FAMILY:
Not so long ago we at HackRead reported about the Kilim malware family. We also urged users to be careful about two active malware threats on the Facebook. One was about Google Chrome Video Installer the other about a Facebook worm infecting users computers through Ow.ly link (URL shortening service).
Both of these threats are still active and operated though Kilim malware family.
THE INFAMOUS LINK:
When a Facebook user clicks on the infamous Ow.ly link that promises *** photos of teen girls in school, it redirects immediately to an Amazon Web Services page and later the user gets redirected to a compromised Box website. The function of this website is to inspect the users system. Users are then prompted to download a file and when it is installed the system gets infected instantaneously leading to the download of the worm. It then spreads the Ow.ly link to all contacts of the user on Facebook.
Segura explained the modus operandi of this attack pretty comprehensively in his post. He says: These offers usually end up being bogus apps or surveys. The file hosted on Box is trimmed down to a minimum size and its only purpose is to download additional components.
This is typically done to a**** initial detection, but also to allow the bad guys to update the backend code on the server so that the trojan downloader can retrieve the latest versions of each module. After the additional components are downloaded (Chrome extension, worm binary) they are installed on the machine and simply wait for the user to log into Facebook.
However, users who have clicked on the link via their mobile are taken to an offer page based on their geographic ******** and language.
Both the Facebook and Box are aware of the attack and the threat of this worm. For addressing this issue, Box is eliminating sharing privileges and deleting files from malicious accounts and is regularly performing security checks by scanning for viruses.
Conversely, Facebook is collaborating with the companies that have been targeted by attackers and the social media giant has blocked associated link as well as stopped the links from being spread on its platform.
