Recent Hacks: NBC.com, Twitter, and Zendesk – Warnings: Tumblr, Pinterest

After dealing with multiple attacks on several sites, including Apple, Facebook, and Twitter – this being Java exploits. Now, it’s time to deal with more hacks, including NBC.com (which has been serving up malware for a day now) and Twitter. As in recent reports now, Tumblr and Pinterest have been forewarned.

The latest high profile organization that was recently hacked is the National Broadcast Company (NBC), more specifically on their website. The idea from the hackers is to use the website to infect visitors, using exploits and other JavaScript injections.

NBC.com’s hacked pages were modified to include additional HTML component called IFRAME, which is inline frame. This allows at least a 1px x 1px frame to be included independently in the webpage, which may contain malicious code. In HTML code, frames can be made to host web content. But, in the hands of the evildoers, aka cybercriminals, it is used as an effort to launch malware campaigns.

Malicious JavaScript was added to the mix, and also used the exploit kit called RedKit. It delivers one of two exploit files to try to take control of your browser.

I recognized something was wrong with NBC.com, which may have already been hacked a few weeks ago, and I posted the information on my Twitter account that a downloaded file was sent to my browser asking me to save or open it. This was on a sister site/blog, RedTape. I asked people to replicate it. The Twitter status can be found here.

What type of malware was delivered? Citadel or ZeroAccess, which are both crimeware families and botnets. They are usually part of several exploit kits.

This drive-by download situation is no good, as the pages were taken offline. Therefore, that dropped the traffic of those specific areas of the site. It is sure that this situation is a matter of cybercrime aimed at a financial side of things, not defacement or pranks.

Was it a big deal that it was NBC? No. In fact, it is sure the hackers were aimed at using a high-profile site, and apparently NBC.com was the easiest or quickest to access. Hackers rely on time and many other factors to make their approach(es).

Zendesk hacks and other various warnings

Zendesk is all about customer support…therefore no one really knows, except for those in the business of customer support. Big names use this service, which include Tumblr, Twitter, and Pinterest, among others. Hackers broke into the Zendesk systems, accessing email addresses of those big name customers, namely Twitter, Tumblr, and Pinterest.

How “pinteresting” that another hack has been born, which is related to a social network. Zendesk detailed the hack:

We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.

The companies involved made a point to tell its customers that they haven’t been hacked, but private information was stolen. Luckily, no password thievery was involved.

Obviously, an incident like this, just like the NBC.com incident, needs to be taken very seriously. Something must be done to stop the continuous hacks.

Twitter hacks additionally are nothing new. Many times, hackers used a backdoor, such as the tools the support team uses, to infiltrate the information of Twitter users. It’s not a huge gain, more possibly a waste of time.

Zero-Day Java Exploit Affects Facebook

After all of the latest attacks on government, corporate, and social networking organizations, Twitter the most recent, it appears Facebook had their share this year.

Facebook revealed yesterday that it was hit in January from an unidentified group of hackers, however, no user information was compromised during the attack.

Here is a snippet from the note issued:

Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.

It was said also that a zero-day Java exploit was found, when the suspicious domains in their logs revealed in the Java sandbox many vulnerabilities. The update was provided to Oracle who shipped patch(es) for the specific vulnerabilities found.

The company also stated, “We will continue to work with law enforcement and the other organizations and entities affected by this attack. It is in everyone’s interests for our industry to work together to prevent attacks such as these in the future.”

Other websites were additionally affected by this, and that the computers affected at Facebook were fully patched and clean before the attack.

FBI Report: Hacker Blackmailed over 350 Women to Strip on Webcam

The FBI has taken into custody a 27-year-old man, claiming that he hacked the accounts of Facebook users coaxing hundreds of women to strip on their webcams, while watching on Skype.

The man identified by the FBI as Karen (“Gary”) Kazaryan of Glendale, CA, was arrested yesterday on federal computer hacking charges.

According to a US Department of Justice press release, Kazaryan is claimed to have broken into victims’ Facebook and email accounts, changing their passwords, and searching for naked and half-naked photographs. He also gathered personally-identifiable information from the users, including passwords, personal details, names of friends, etc.

The report details also that Karen threatened the users who did not comply to his demands of stripping, that he would post nude photos of them on their own Facebook pages. It is also reported that approximately 3,000 photos were seized from the man’s computer. The FBI believes 350 women were lead in to “sextortion”.

The FBI is urging all women who believe they might be a victim to contact the Los Angeles Field Office at +1-(310) 477-6565.

Security Concerns This Winter – Android Malware, Facebook Problems, Anonymous, among other things

We’ve discussed over the past couple of weeks some of the things that happened in 2012, and things we’re focused on coming into the new year. There is a surge in a lot of security concern over several different issues, including Android malware, Anonymous, cyberwar, among other things. Here is a comprised list of the top concerns this Winter that we’ll be investigating on a continual basis.

1. Identity Theft – this can be a problem for most people that get viruses and other malware on their computer. It can also be a problem on social networks. It is best to have a good antivirus and keep your social networking information safe. You don’t have to enter everything in your profile. Leave some fields blank so it is more trivial for the unsuspecting stalker. Sadly, you cannot know who’s viewed your profile, which makes it more difficult to discover stalkers. Hmm…hint Facebook.
2. Spear-Phishing – plain and clear, spear-phishing is similar to identity theft. This is done by email-spoofing, which the attacker is masking him-or-herself as a legitimate company with legitimate looking emails. However, these emails are only subject to make you click and to either steal your information, or distribute malware, or even both. Normally, this is a big problem over the holidays, but now it’s starting to become widespread no matter the time of year.
3. Human Error and the Failure to Update – Vulnerabilities – It is true that humans forget a lot of things. One of the biggest security risks we have always faced is that users fail to update their browser plugins and programs on their computer. However, through the use of this vulnerability, attackers exploit and send malware your way. Using a vulnerability scanner can help you keep managed of this atrocity.
4. Browser Hijackers and Junkware – we still continue to see the problem of browser hijackers and junkware being distributed in installers for legitimate programs. What’s sad is, the royalties are so high for software developers to add in the install code for junkware, that the developers don’t know how bad the issue is. From Babylon Toolbar to Claro Search…these toolbars and homepage hijackers are unnecessary and technically need to be done away with. Good thing our security community has the ability to remove this crap with our special tools.
5. Malware growth on Other Platforms – it’s no surprise that malware problems are lighting up on the iOS now, as well as Linux. It sure will start to become a problem this year. Even more on Windows 8 and Android than any other device.
6. Android Malware Growth – This has become one of the biggest problems right now in the computing world is the steady high growth of malware on the Android platform. It will continue to be a problem, sadly.
7. Anonymous Cyberattacks, and Government Cyberwar – we will still see cybercrime and cyberwar problems continue this year.

Stay in tune with this blog for further updates.

Video “OMG I just hate Rihanna…” Facebook scam spreading

Messages are spreading between Facebook users, claiming that members of the social network have lost all respect for popular songstress Rihanna after watching a video.

However, if you’re careless enough to click on the link you will find yourself lured into a survey scam that attempts to earn affiliate cash for fraudsters.

A typical message trying to tempt users into falling for the scam looks like this:

If you were fooled into participating in this scam remove the message from your newsfeed, and delete any messages you may have inadvertently shared with your friends. That way at least you are no longer spreading it with your online chums. You can also report the link as spam – hopefully if enough people do it, Facebook will begin to stop the scam from spreading.

Read more on Naked Security

 

Prevent scams like this and other social network scams/issues:

Get the review of Malwarebytes’ Anti-Malware

Facebook alliance with key antivirus companies continues, update enclosed

Facebook has announced the expansion of their alliance with antivirus companies in hopes to better secure its users and promote good privacy… here is a quick scope of the details:

Today, we are excited to announce the expansion of our AV Marketplace to include 7 new partners to our growing coalition of security companies. Starting now, Facebook users will be able to download software from – avast!, AVG, Avira, Kaspersky, Panda, Total Defense, and Webroot. Not only do we have new partners but also many of our existing partners – Microsoft, McAfee, Norton, TrendMicro, and Sophos – will begin offering anti-virus software for your mobile devices. You can visit the AV Marketplace now to download your free anti-virus software for PC, Mac and Mobile.

Our new anti-virus partners bring with them both the latest software and comprehensive intelligence. As with our existing partners, these seven companies will help protect Facebook’s community of over a billion users by improving our URL blacklist system. This system scans trillions of clicks per per day, and before each click, the system consults the databases of all our AV Marketplace partners to make sure the website you are about to visit is safe. This means that whenever you click a link on our site you are protected both by Facebook and 12 of the industry leaders in computer security. We will be cooperating with these partners more in the future, and look forward to announcing new tools soon.

Read more now at the Facebook blog

 

 

See more antivirus recommendations

Miley Cyrus sex tape scam details

Unbelievable? Another social engineering attempt. Here is a source on the non-existent Miley Cyrus sex tape:

Facebook scammers are using the promise of a non-existent Miley Cyrus sex tape to lure users into giving up temporary access to their accounts. Once inside, scammers run a script to create automatic posts that tag friends and propagate the scam.

Here, again, we are dealing with the well-known, if not utterly obsolete, “copy/paste code” method whereby the scammer aims to steal the victim’s Facebook authentication token. This grants the scammer temporary access to the targeted Facebook account, including the victim’s list of friends.[HOTforSecurity]

 

Protect against these types of scams:

 

Facebook Given Short Notice to Stop Breaching Privacy

A consumer group in Germany has alleged over Facebook App Center about violating privacy laws.

According to the Washington Post, the Federation of German Consumer Organisations has given Facebook one week to stop automatically giving user information to third-party applications without explicit consent.

Legal action is possibly to Facebook, if these solutions are not met to fix privacy flaws, by September 4, 2012.

According to the New York Times about two week ago, “The company’s use of analytic software to compile photographic archives of human faces, based on photos uploaded by Facebook’s members, has been problematic in Europe, where data protection laws require people to give their explicit consent to the practice.”

Officials say this investigation and alleged charges are related to the Google Street View investigation, and similar actions can be taken, if necessary, to resolve the problem.

For the App Center, it’s put in place, some speculate, to help the Facebook mobile market and increase revenue for the company. With its competition against Apple or Android stores, it’s trying to gain attention quickly as an app store itself.

What makes governments and privacy experts nervous, is when Facebook developers make users opt-out, instead of opt-in. This means that new, potentially problematic, features are turned on by default. This requires too much work on the user, and an unfair advantage for Facebook.

Related articles

• Facebook given one week to stop breaching privacy laws (nakedsecurity.sophos.com)
• German consumer group sets Facebook privacy ultimatum (reuters.com)
• Facebook’s new app bazaar ‘violates’ punters’ privacy – lobbyists (go.theregister.com)

Blackhole Malware on Twitter: “It’s you on photo?”

Common Twitter scams have been highlighted over time by many security organizations. Please take note of the intro below, and then see the full investigation by Sophos:

If you are a Twitter user please be very cautious of clicking on links that claim you are pictured in an online photo.

Thousands of malicious links are being spammed out, targeting innocent users of the micro-blogging network.

The links point to Russian webpages that ultimately attempt to infect your Windows PC using the notorious Blackhole exploit kit.

Read more on Sophos Blog

Celebrity Nude Photos Trouble Rising Up

There are continuing stories repeatedly of nude photos being stolen from celebrities through hacks and other leaks across the internet. What the problem is, it reveals immorality maybe, but also violates the privacy of the celebrity.

It’s none of anyone’s business but the celebrity itself, on why they decided to post nude photos on the insecure internet. Whether you believe it or not, celebrities reveal way too much personal data too, except in different ways.

Of course, you’ll rarely get to access a celebrity’s Facebook account, or friend them. Now, seeing a Twitter account of a celebrity is probably more likely, but it’s probably not a personal account.

Personal social networking accounts for celebrities are unlikely to be public, and unlikely to be noticed, also! So, at least they know how to handle themselves in social networking. After all, it could cost them their job, for involvement in social networking.

Back on topic…Let’s example Scarlett Johansson’s situation, where Christopher Chaney was held guilty for hacking/leaking the nude photos of this celebrity. Even the same hacker got Mila Kunis’s photos as well.

Now, according to media reports, prosecutors have filed documents at the US District Court in California, calling for 35-year-old Chaney to spend 71 months in prison, and pay over $150,000 in restitution.

To avoid this situation, celebrities listen up: secure your email account with a better password!! End-of-story.