GarrettCom launches new versions to tackle Magnum vulnerabilities

US-based company GarrettCom has produced new firmware versions to mitigate vulnerabilities in its Magnum 6K and Magnum 10K product lines. Authentication, denial-of-service and cross-site scripting vulnerabilities have been found in those products. All versions prior to 4.5.6 of both product lines are affected.

The vulnerabilities can be exploited remotely to execute arbitrary code on the target device.

However, the impact on an individual organization depends on its operational environment, architecture and product implementation.

Researchers have found multiple XSS (cross-site scripting) vulnerabilities in the web server running on the device, which an unauthenticated attacker can exploit.

CVE-2015-3960 has been assigned to the vulnerabilities related to the use of hard-coded credentials. The firmware contains hard-coded RSA private keys and certificate files, which the server uses for SSH and HTTPS connections. There is also a hard-coded password for a highly privileged user account on the serial console.

Memory can be corrupted by sending a specially formed URL to the device's web server.

These vulnerabilities are remotely exploitable, but no known public exploits specifically target them.

According to ICS-CERT, the latest versions of the GarrettCom Magnum 6K and Magnum 10K software fix these vulnerabilities. Version 4.5.5 was released in December 2014, and version 4.5.6 was released in January 2015. Users may download the latest software version and release notes from the following web site:
http://www.garrettcom.com/techsupport/sw_downloads.htm

ICS-CERT recommends that users perform access control checks to limit each user's reach of the feature, use an application firewall to detect XSS attacks, minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.


Airtel injecting Scripts into browsers? Will it Affect Your Privacy and Security?


After receiving heavy criticism for its Airtel Zero plan, Bharti Airtel, an Indian multinational telecommunications services company, is now being accused of secretly injecting JavaScript and iframes into users' web browsers in order to alter the browsing experience.

Thejesh GN, an info-activist and programmer, published his findings on GitHub, according to which Airtel inserts JavaScript into users' browsing sessions.

He said that the iframe tries to insert a toolbar into the browsing experience and that the parent URL of both the iframe and the JavaScript belongs to Bharti Airtel Bangalore.

He shared the injected script on GitHub. The script tries to inject an iframe pointing to the URL "hxxp://223.224.131.144:80/l8/Layer8Servlet".

However, Airtel has released a statement clarifying that it is building a tool to allow broadband users to get information about the amount of data they have used.

The company said it developed the new tool because non-mobile customers asked for an easy way to track their data usage while surfing the web.

“Our customers have frequently asked us for ways of easily keeping a track of their data consumption specifically dongle and broadband users, who unlike mobile users, cannot receive real-time alerts on their usage,” Airtel said in a statement to NextBigWhat.

Carrying out such programs is widely regarded as highly unethical for an ISP. However, no one has yet come up with a solution.

In a Reddit post, one user accused Vodafone of doing the same.

Just a month ago, another user reported the same issue on Reddit.
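One way to spot this kind of in-path injection is to compare the embeds on a page fetched over plain HTTP against a known-clean copy (the same page over HTTPS, which an ISP cannot rewrite) and to flag scripts or iframes whose source is a bare IP address or an unexpected third-party host. The following is an added example, not Airtel's or Thejesh GN's code; the sample pages are constructed and the injected iframe URL is the one reported above, kept defanged.

```python
"""Flag third-party <script>/<iframe> elements that an in-path party may have
injected into a plain-HTTP page, and diff an observed copy against a clean one.

Added example, not Airtel's or Thejesh GN's code.  The sample pages below are
constructed; the iframe URL is the one reported in the article, kept defanged.
"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse


class EmbedCollector(HTMLParser):
    """Collect (tag, src) for every <script> and <iframe> with a src attribute."""

    def __init__(self):
        super().__init__()
        self.embeds = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.embeds.append((tag, src))


def collect_embeds(html):
    parser = EmbedCollector()
    parser.feed(html)
    return parser.embeds


def is_bare_ip(host):
    """True for hosts written as a literal IP, a common sign of injected content."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_first_party(host, page_host):
    return host == page_host or host.endswith("." + page_host)


def find_suspicious_embeds(html, page_url, allowlist=()):
    """Return embeds whose host is neither first-party nor allow-listed.

    Relative URLs are same-origin and skipped.  A literal IP is reported
    separately because legitimate sites rarely embed resources that way.
    """
    page_host = urlparse(page_url).hostname
    findings = []
    for tag, src in collect_embeds(html):
        host = urlparse(src).hostname
        if host is None or is_first_party(host, page_host) or host in allowlist:
            continue
        reason = "bare IP address" if is_bare_ip(host) else "third-party host"
        findings.append({"tag": tag, "src": src, "host": host, "reason": reason})
    return findings


def injected_embeds(reference_html, observed_html):
    """Embeds present in the observed page but absent from a known-clean copy
    (for example the same page fetched over HTTPS, which an ISP cannot modify)."""
    reference = set(collect_embeds(reference_html))
    return [e for e in collect_embeds(observed_html) if e not in reference]


# Constructed sample: a clean page and the same page with an injected iframe.
CLEAN_PAGE = """<html><head><script src="/static/app.js"></script></head>
<body><p>Hello</p><script src="https://cdn.example.com/lib.js"></script></body></html>"""
INJECTED_IFRAME = '<iframe src="hxxp://223.224.131.144:80/l8/Layer8Servlet"></iframe>'
OBSERVED_PAGE = CLEAN_PAGE.replace("</body>", INJECTED_IFRAME + "</body>")

if __name__ == "__main__":
    for finding in find_suspicious_embeds(OBSERVED_PAGE, "http://example.com/"):
        print(f"{finding['tag']} -> {finding['src']} ({finding['reason']})")
    print("injected:", injected_embeds(CLEAN_PAGE, OBSERVED_PAGE))
```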

Astoria - Researchers develop a new Tor client which aims to beat NSA


Researchers have developed Astoria, a new Tor client that is said to protect users' privacy even from powerful intelligence agencies such as the NSA.

A cyber security research team from America and Israel has come up with a new Tor client designed to make spying more difficult for the world's most capable intelligence agencies.

According to the research paper, people use Tor, a popular anonymity system for users who wish to access the Internet anonymously or circumvent censorship, to prevent their activity from being tracked, as Internet anonymity is becoming difficult to establish.

However, Tor is not as safe from powerful intelligence agencies as it was supposed to be.

As a result, the researchers developed Astoria, which focuses specifically on defeating autonomous systems (ASes) positioned to intrude on Tor's anonymity.

“In our experiments, we find that 58% of all circuits created by Tor are vulnerable to attacks by timing correlation and colluding sibling ASes. We find that in some regions (notably, China) there exist a number of cases where it is not possible for Tor to construct a circuit that is safe from these correlation attacks,” the researchers write in the paper.

It adds, “To mitigate the threat of such attacks, we build Astoria, an AS-aware Tor client. Astoria leverages recent developments in network measurement to perform path prediction and intelligent relay selection. It not only reduces the number of vulnerable circuits to 5.8%, but also considers how circuits should be created when there are no safe possibilities. It performs load balancing across the Tor network, so as to not overload low capacity relays. Moreover, it provides reasonable performance even in its most secure configuration.”

Astoria aims to do the following:
• Deal with asymmetric attackers.
• Deal with the possibility of colluding attackers.
• Consider the worst case possibility.
• Minimize performance impact.
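The four goals above can be illustrated with a small AS-aware relay selector: it treats ASes of one organisation as colluding siblings, checks both the forward and the reverse path of each segment (asymmetric routing), prefers circuits with no organisation on both ends, weights the choice by bandwidth, and falls back to the least-exposed circuit when no safe one exists. This is an added example written here, not Astoria's own code; the AS numbers, organisations, relays and paths are constructed.

```python
"""AS-aware Tor circuit selection, a simplified illustration of the Astoria idea.

Added example, not Astoria's code.  AS numbers, organisations, relays and
AS-level paths below are constructed and describe no real network.
"""
import random
from itertools import product

# Sibling ASes: ASes run by one organisation are assumed to collude.
AS_ORG = {
    100: "ClientISP", 101: "ClientISP",
    200: "TransitA", 201: "TransitA",
    300: "GuardHostA", 301: "GuardHostB",
    400: "ExitHostA", 401: "ExitHostB",
    500: "TransitB",
    600: "DestHostA", 601: "DestHostB",
}
CLIENT_AS = 100
GUARDS = {"guard1": (300, 100), "guard2": (301, 50)}  # name -> (AS, bandwidth)
EXITS = {"exit1": (400, 80), "exit2": (401, 40)}

# Predicted AS-level paths keyed by (src_as, dst_as).  Forward and reverse
# directions are stored separately because Internet routing is asymmetric.
PATHS = {
    (100, 300): [100, 200, 300], (300, 100): [300, 200, 100],
    (100, 301): [100, 500, 301], (301, 100): [301, 500, 100],
    (400, 600): [400, 201, 600], (600, 400): [600, 201, 400],
    (401, 600): [401, 500, 600], (600, 401): [600, 201, 401],
    (400, 601): [400, 200, 101, 601], (601, 400): [601, 101, 200, 400],
    (401, 601): [401, 101, 601], (601, 401): [601, 101, 401],
}


def orgs_on_segment(a, b, both_directions=True):
    """Organisations that can observe traffic between AS a and AS b."""
    hops = list(PATHS[(a, b)])
    if both_directions:
        hops += PATHS[(b, a)]
    return {AS_ORG[asn] for asn in hops}


def colluding_orgs(guard, exit_, dest_as, both_directions=True):
    """Organisations present on both the client<->guard and exit<->destination
    segments; any of them can correlate the two ends of the circuit by timing."""
    entry = orgs_on_segment(CLIENT_AS, GUARDS[guard][0], both_directions)
    leave = orgs_on_segment(EXITS[exit_][0], dest_as, both_directions)
    return entry & leave


def all_circuits():
    return list(product(GUARDS, EXITS))


def vulnerable_fraction(dest_as):
    """Share of possible circuits to dest_as that have a colluding organisation."""
    circuits = all_circuits()
    bad = sum(1 for g, e in circuits if colluding_orgs(g, e, dest_as))
    return bad / len(circuits)


def choose_circuit(dest_as, rng=None):
    """Pick a (guard, exit) pair for dest_as.

    Safe circuits are chosen at random weighted by relay bandwidth, so that
    low-capacity relays are not overloaded.  If no safe circuit exists, fall
    back to the circuit exposing the fewest organisations (worst case).
    """
    rng = rng or random.Random()
    circuits = all_circuits()
    safe = [c for c in circuits if not colluding_orgs(c[0], c[1], dest_as)]
    if safe:
        weights = [GUARDS[g][1] * EXITS[e][1] for g, e in safe]
        return rng.choices(safe, weights=weights, k=1)[0]
    return min(
        circuits,
        key=lambda c: (len(colluding_orgs(c[0], c[1], dest_as)),
                       -(GUARDS[c[0]][1] + EXITS[c[1]][1])),
    )


if __name__ == "__main__":
    for dest in (600, 601):
        print(f"dest AS {dest}: {vulnerable_fraction(dest):.0%} of circuits vulnerable,"
              f" chosen {choose_circuit(dest)}")
    # Asymmetric routing: guard1/exit2 looks safe on forward paths alone.
    print(colluding_orgs("guard1", "exit2", 600, both_directions=False),
          colluding_orgs("guard1", "exit2", 600))
```

For destination AS 600 only one of the four circuits is safe, and for AS 601 none is, so the selector has to fall back to the least-exposed pair.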

An American admits hijacking plane mid-air: FBI

A security researcher told the Federal Bureau of Investigation (FBI) he had hacked an airplane’s engine with his laptop.

Chris Roberts admitted to hijacking a plane mid-flight in February, taking control of its entertainment system and causing the aircraft to fly sideways.

According to a search warrant application written in April by FBI agent Mark Hurley and posted on Wired on Friday, Roberts said that during one of these flights he commanded one of the airplane's engines to climb, resulting in a lateral or sideways movement of the plane.

He was questioned last month after being escorted off a United Airlines flight on which he had posted a humorous tweet hinting that he could control the aircraft's crew alert system and make the passenger oxygen masks drop.

After that, his computers were also seized by the FBI.

According to the application, Roberts said in interviews in February and March that he had hacked in-flight entertainment systems on 15 to 20 flights between 2011 and 2014. Each time he pried open the cover of the electronics box located under the passenger seats and connected his computer to the system with an Ethernet cable. He checked the system for security flaws and monitored communications from the cockpit.

“We found that the electronics box under the seat in front of Roberts' showed signs of tampering,” Hurley wrote in the document.

On the same day, Roberts was removed from the flight.

In addition, the U.S. Government Accountability Office (GAO) released a report warning that hackers could bring down a plane by using onboard Wi-Fi systems.

In a report published by the Sydney Morning Herald, Ken Westin, a security analyst at Tripwire, said:

“Connecting your laptop to an in-flight media system or anything on an actual plane with people on it is not the way to conduct security research."

"To also tweet a 'joke' about hacking a plane using specific technical details is also incredibly irresponsible I think," he added.

Certificate problems in NetNanny expose users to attack

NetNanny, the popular content control software, has been found to use a shared private key and root certificate authority, which leaves it open to HTTPS spoofing and interception.

“The certificate used by NetNanny is shared among all installations of NetNanny,” said Garret Wassermann, a vulnerability analyst at CERT. He added that “the private key used to generate the certificate is also shared and may be obtained in plain text directly from the software.”

An attacker can easily exploit this weakness to generate new certificates simply by accessing the software. A spoofed certificate signed by the NetNanny CA would appear trustworthy and could lead the user to a malicious site posing as a secure HTTPS site. Moreover, the attacker could intercept HTTPS traffic to carry out man-in-the-middle attacks on the affected system without the browser triggering any certificate warnings.

The software, launched in 1995, is widely used by parents to filter Internet content for their children. CERT warns that version 7.2.4.2 is vulnerable, but other builds may be affected as well. Questions about a fix for the issue remain unanswered by ContentWatch, the developing company.

Users are strongly advised to remove NetNanny, or at least to remove the bogus certificates created by the software, or to disable SSL filtering and manually remove the certificates from the trust store.

CSPF donates one lakh rupees to IronWASP project


Cyber Security & Privacy Foundation (CSPF), a non-profit organisation that provides solutions to cyber security and privacy issues, has donated Rs. 1,00,000 (one lakh) to the Iron Web Application Advanced Security testing Platform (IronWASP) project, Asia's largest open source security project.

"We will use the donation to support the further development of the project," said Lavakumar Kuppan, the founder of IronWASP.

"It is really encouraging. We are not only getting funds but also feedback and comments, which mean a lot to us."

According to Lavakumar, IronWASP’s main objective is to make web security easy and accessible to everyone. It is a scanner which automatically discovers security problems in web applications.

Though it is designed for security testers, others such as admins, developers and QA testers can also use the software by following the video tutorials available on the project website. Almost anyone can download IronWASP and use it for free.

"We are regularly adding new features to IronWASP," said Lavakumar. "We recently added Dynamic JavaScript vulnerability analysis capability, a feature that is unique to IronWASP. More additions are planned for future versions to make it more effective and help create a safer internet."

Hotel management company White Lodging appears to be the latest victim of a data breach

Three massive data breaches have been reported in the last two months, and the breaches just keep coming. Now it looks like people who used their cards at a number of hotels might be at financial risk.

A recent report from cybersecurity blogger Brian Krebs reveals that hotel management company White Lodging, which manages hotel franchises under nationwide brands including Hilton, Marriott, Sheraton and Westin, suffered a data breach involving customers' card information.

Krebs started investigating after receiving reports from multiple sources in the banking industry who had noticed a "pattern of fraud" on a number of cards previously used at Marriott hotels.

White Lodging told Krebs that an investigation is in progress and it will provide additional information as soon as it is available.

Krebs said the breach only affected Marriott guests who used their cards at White Lodging-managed gift shops and restaurants.

Krebs is the one who uncovered the massive data breaches reported in the last two months at Target, Neiman Marcus and, most recently, Michaels Stores.

Google acquires a cybersecurity startup Impermium

Google has added one more startup to its acquisitions list, this time the cyber security startup Impermium.

Impermium, founded three years ago, had raised $9 million in funding. The company offers an advanced risk-evaluation platform for detecting fraudulent registrations and risky transactions.

"By joining Google, our team will merge with some of the best abuse fighters in the world. With our combined talents we'll be able to further our mission and help make the Internet a safer place," Mark Risher, CEO and co-founder of Impermium, said in the official statement.

In its statement the company thanked its investors, including Accel Partners, AOL Ventures, Charles River Ventures and Data Collective.

According to TechCrunch, the company is notifying its customers that it will stop providing services to third-party sites, but the team will keep working on the same core problems and technology at Google. Google has not disclosed the value of the acquisition.

CyberTech 2014, International exhibition & conference for Cyber solutions


CyberTech 2014 (cybertechisrael.com) is one of the leading international cyber security conferences; it will take place in Israel and be inaugurated by Israeli Prime Minister Benjamin Netanyahu.

Leading multinational companies, over a hundred start-ups, private and corporate investors, experts and many others will participate in the event.

The keynote speakers are leading cyber security experts, including Eugene Kaspersky, Chairman and CEO of Kaspersky Lab; Dr. Eviatar Matania, Head of the Israeli National Cyber Bureau; and Bryan Palma, Senior Vice President of Cisco Systems.

Cyber Security & Privacy Foundation (CSPF) is interested in taking a delegation of companies to Israel.

Indian companies that would like to tie up with Israeli hi-tech cyber start-ups can contact CSPF. If you need assistance obtaining a visa to Israel for the conference, you can also contact CSPF.

Contact Details of CSPF: Founder@CySecurity.org


Vevo website hacked by TeslaTeam via SQL Injection vulnerability

Tesla Team, a hacker group from Serbia, has claimed to have breached the Vevo website (Vevo.com).

Vevo is a joint venture music video website owned and operated by Universal Music Group, Google, Sony Music Entertainment, and Abu Dhabi Media.

The team discovered a SQL injection vulnerability in one of the sub-domains of the Vevo website that allowed them to compromise its database.

In a Pastebin leak (pastebin.com/TAjce91x), the group posted the vulnerable link as well as a proof of concept that exploits the vulnerability. The database dump is claimed to contain the emails and passwords of admins and other users.

It appears that someone with the username "JoinSeventh" on HackForums had already published the vulnerability details in 2012.

90+ Russian Malicious domains used by Kelihos group taken down by Malware Must Die

Exclusive: Malware Must Die (MMD), a team dedicated to malware analysis research, has taken down more than 90 Russian domains that have been confirmed as malicious.

It is part of their ongoing "Operation Tango Down", an operation that deactivates malicious domains with the help of the authorities; several malware domains have already been suspended.

Today, MMD announced that it is shutting down 97 .ru domains that serve the notorious Kelihos Trojan for the Red Kit exploit kit.

Suspended Malicious .Ru domains - Image Credits: E Hacking News

According to the blog post, "the Kelihos Trojan was distributed in (mainly) East European (Ukraine, Latvia, Belarus, Russia) and Asian servers (Japan, Korea, Taiwan and Hong Kong) as the secondary layers, also using the scattered worldwide hacked machines".

You can find further details and full list of suspended domains at their blog: http://malwaremustdie.blogspot.jp

Facebook Spam abuses McAfee URL Shortener and Google Translator


Yesterday we received a notification about a new Facebook spam from one of EHN's readers. What is interesting about this spam is that it abuses the McAfee URL shortener to hide the malicious URLs.

The spam post contains an adult picture saying "Emma Watson Star of Harry Potter made a sex Tape"  and "Link in the description".


Clicking the link takes the victim to the Google Translate page. Within a few seconds, the victim is redirected from Translate to another page, hosted on the free hosting service altervista.org.

As usual, victims are asked to copy and paste a URL that contains their Facebook access token in order to "verify their age".

Facebook Access token stealing - Image Credits: E Hacking News


Once you click the "Activate" button, it displays a pop-up saying "8 New comments". Clicking the "Continue" or "Next" button takes you to a Facebook app that asks for permission to access your public profile, friend list, email address and birthday.

The spammers did not ask for your birthday in order to send you birthday wishes :P. The collected information will be used in future spam or for other malicious purposes.

Permission to Access personal Information - Image Credits: E Hacking News

In the background, the spam post is posted on your wall and in your groups on your behalf using the stolen access token. From what I observed, the spam also abuses alturl, tinyurl, linkee and other URL shortening services.

We have already warned you that Facebook is not the right place to watch porn. Please share this article to create awareness about Facebook spam.

Update:
We received a notification from one of our users that the same group is posting spam using the name of Twilight star Kristen Stewart.

Update 2:
Redirection flow:
URL shortener link --> Google Translate --> fiddle.jshell.net --> plgngl.info --> ngltoken.altervista.org

The whois details of plgngl.info:
  • Registrant Name: Ngl Power
  • Street: Nonteladico 23
  • City: Roma
  • Email address: ngl@live.it

Other domains registered by the same person:
  • buzzingcl.info
  • buzzingam.info
  • worldwarez.info
  • 2fun4u.info

2fun4u.info carries the text "If you're here maybe you're trying to steal my scripts. If so good luck" under the page title "NGL's viral scripts".

plgngl.info was also used in the Rihanna sex tape Facebook spam attack at the start of this year.

Update 3 - Tracking the Spammer:
My friend Janne Ahlberg and I investigated the spam and found some interesting things. Here I am sharing what we found.

We started our investigation with the domain registrant name "Ngl Power". With a few hints, we managed to find the profile of the cyber criminal on one of the top underground hacking forums.

He distributes malicious Facebook spam scripts to other cyber criminals. From our investigation, we found that he has been distributing malicious scripts since 2010. It appears he is the criminal behind several Facebook spam campaigns.

He has provided malicious scripts for the following spam campaigns:
  • "RIHANNA'S BIGGEST SCANDAL"
  • "98 Percent Of People Cant Watch This Video For More Than 15 Seconds"
  • "Busty Heart - The woman that can smash things with her br****ts!"
  • "Man accused of trying to hide stolen TV in his pants"
  • "Find Your Facebook Stalkers"
  • "Dad walks in on daughter... EMBARRASING!!!"
  • "This is what Happend to his Ex GirlFriend"
  • "John Cena died of a head injury"
  • "Justin Bieber Sex Tape"

Janne found a thread posted in the forum by another cyber criminal, "kira2503", saying "NGL's money is refunded", with a screenshot that displays the possible real name of NGL.



However, what I observed from the thread is that the spammer (NGL) appears to have been scammed by a scammer (kira2503), so we cannot be sure whether the name shown in the screenshot is the real one.

Our investigation led us to the "Facecrooks" Facebook fan page, where they had warned about the Facebook spam.

One of the comments posted by a user on the page reads: "Really Angelo Tropeano?? You think with a pic of Facecrooks x'd out .. on a thread > Warning us NOT to click links Anyone is going to fall for your malware attempt?? Shameful. Reported".

Another user posted the comment "the troll known as angelo's link resolves to a html file on tumblr hxxx://static.tumblr.com/c5apoln/7Prmiktpx/cena.html? 93561071". Following the Tumblr link leads to "hxxx://plgngl.info/tkn", the same domain used in the recent attack.


The following profiles might be associated with the spammer:
  • YouTube profile: hxxx://www.youtube.com/user/nglyt2
  • Spammer's Blogger profile: hxxx://www.blogger.com/profile/11389969837864256446
  • Spammer's Twitter account: hxxxx://twitter.com/ngltw

We are still investigating the campaign.  If we find anything interesting, we will update.

Hackers convince bank to send $15,000 wire transfer with the help of hacked Gmail account


It is time to enable Google's two-step authentication feature. If a website offers an additional security feature, it is always good to use it. This story will help you understand the risk of ignoring such features.

Cybercriminals hacked the Gmail account of Anil Abraham, a Dubai-based Indian expatriate, and used the account to convince his bank to transfer $15,000 from his bank account in India.

When Anil contacted the bank, the branch manager told him the money had been transferred at his own request, made via email. The cybercriminals reportedly attached a signed document to the email to trick the bank into transferring the money.

According to the Emirates247 report, the money was transferred to a Westpac bank account in New Zealand held in the name of Garry Albert Frazer.

Anil said that whoever hacked his email account managed to steal his financial information and used it to write to the bank with a forged signature.

I'm still wondering how the bank allowed the cyber criminal to steal the money; banks usually don't allow us to transfer money via email without any personal verification. As far as I know, banks are always careful when it comes to large transfers such as $15,000 (nearly 9,00,000 Rupees).

Though it is the bank's mistake, it is always good to enable security features on your side. Don't wait until your account gets hacked; enable two-step authentication: http://www.google.com/landing/2step/

Hacked email IDs of Delhi export company helped hackers trick clients into wiring money



The Delhi cyber cell recently received a complaint from a leading export house in the city.

The complaint was that criminals gained access to the company's email IDs and tricked its clients by sending them mails on the company's behalf, obtaining $31,000 from one client.

On further inspection, it was noticed that the attack was carried out from two different locations, one in Delhi and the other in London.

A case under the fraud sections and the Information Technology Act has been registered by the crime branch. "Till now, cyber criminals had been targeting individuals. But this shows that an extremely organized gang is committing crimes on an international level," a source said, the Times of India reports.

Manoj Tuli, the company's managing director, revealed that at least three email IDs, belonging to him and his staff, were hacked by the criminals.

An officer reported: 'In the fake emails the attackers deceived the clients by informing them that the company's bank account could no longer receive payments and that further payments must therefore be made to their new account, 304259***, at Nationwide bank in London.'

One of the emails, as accessed by TOI, reads: "Our bank just informed us about our account reaching its payment-receiving limit. Please use our new account details, attached alongwith, to make payments from now on." The attackers' account was in the name of Naankang Dawan.

The officers are at work tracing the fraudsters and the route of the money, but it is time to ask whether anything is safe out here now.

Is Government really going to Ban Android in India?


A few days back, we became aware of a rumor saying "Android may get banned in India by the government".

If I'm not wrong, Telecom Minister Kapil Sibal just wanted to ban the apps from the Play Store that serve adult content.

"I want you people to suggest how can we close it. If we want to close it, you will attack us. I want all the media to come together and tell the minister how to deal with it so that if I do something about it, you don't attack me," DNA India quoted Sibal as saying.

In response to the Telecom Minister's statement, a Google spokesperson said: "Google Play developer programme policy does not allow content that contains nudity, graphic sex acts, or sexually explicit material. Google has a zero-tolerance policy against child pornography."

It added that if Google becomes aware of adult content involving child pornography, it will report it to the authorities and remove the account that distributes the app.

It is only about Android apps serving adult content; they are not going to ban the Android OS itself. As a matter of fact, the Aakash tablets also use Android.

Using Internet ?! Then, Don't expect Privacy , #PRISM is here !



Yes, if you are using the Internet, forget about privacy. A recent report from the Guardian is another example confirming that privacy on the Internet is an illusion. Whistleblower Edward Snowden has leaked files that confirm Microsoft's collaboration with the U.S. authorities.

According to the Guardian report, Microsoft helped the NSA and FBI access unencrypted messages sent over Outlook.com web chat, Hotmail and Skype.

Microsoft also helped the authorities access its cloud storage service SkyDrive. Skype video and audio calls were also reportedly being collected through PRISM.

"Microsoft also worked with the FBI's Data Intercept Unit to 'understand' potential issues with a feature in Outlook.com that allows users to create email aliases," the report reads.

Secure Gmail Chrome extension to encrypt Gmail Messages

Are you worried about privacy and PRISM? Would you like to add a little security to your confidential mails? Here is a small solution: SecureGmail is a Google Chrome extension that lets you encrypt your Gmail messages before sending them.

Once you install the extension, you will see a lock icon next to the Compose button in Gmail. Click the icon to send a secure mail; you will get the normal Gmail compose interface with the title "Secured".


In secure mode, Gmail cannot track what you type and will not save the message as a draft.


Click the "Send Encrypted" button and you will be asked to enter a password. A long, strong password is best, and do not enter any hints.

The best part is that the encryption is done on your local machine, so Google cannot read the plain-text message.


Recipients can decrypt the message only if they have the password, which you can send them by some other means (but do not send it over the Internet).

It is an open source project, which means you can review the extension's source code and share your ideas to improve it.
You can download it here:
https://chrome.google.com/webstore/detail/secure-gmail-by-streak/jngdnjdobadbdemillgljnnbpomnfokn

Conclusion:
* Using the same password for all messages is not a good security measure, but unique, strong passwords are hard to remember.

You can use our comment section to share your thoughts on this extension. Do you think it will provide complete protection against privacy problems?

Fingerprints may now be needed to get new SIM cards in India

Fraudulent SIM cards circulated through small retailers pose a potential risk to national security. To end the misuse of SIM cards and reduce security issues, the Home Ministry has asked the Department of Telecommunications (DoT) to make fingerprint verification or another biometric scan mandatory when issuing new SIM cards.

"SIM cards are used for various authentication... if this is taken, it can make sure the culprit can't claim 'I did not take the SIM'. Proving is easy if someone used a fingerprint and took the SIM," experts from Cyber Security & Privacy Foundation (CSPF) told EHN when we asked about the new verification method.

"It makes it inconvenient for people to purchase SIM cards. People can't buy in small shops... maybe we should go to the showrooms of service providers and buy it."

EHN: Do you think it will stop people who get SIM cards with forged documents?
CSPF: It depends on how the fingerprint is taken. Let us say the fingerprint is taken directly on the machine that processes the application, using a fingerprint reader. If the showroom people are involved in issuing the SIM card to a criminal, they can make another guy put his fingerprint for the criminal's SIM card and issue it... if it's on paper it's even easier to do this.

"I think this system won't work if insiders are involved. Most black SIMs get sold with insider involvement," the experts say.


According to TelecomLead, telecom operators may reject the new initiative, as it will be a lengthy and costly process.

Incapsula Login Protect - Boost Your Website Security with Two Factor Authentication

Exclusive: Do you want to protect your admin panel and feel that a password alone is not good enough to secure your website? Incapsula is introducing a new security feature, "Login Protect", to boost website security.

Login Protect is a flexible and easy-to-integrate two-factor authentication solution. Incapsula clients can use it to deploy two-factor authentication (2FA) on any URL (or URL group).

With Login Protect you can:
  • Protect logins to administrative areas (e.g., WordPress or Joomla admin)
  • Protect remote access to corporate applications (e.g., employee portal, web mail)
  • Restrict access to sites or parts of a site (e.g., staging or invitation-only areas)


Unlike other 2FA services, Login Protect's integration requires no coding, no database modification and no additional hardware (i.e. security keys).

All Incapsula clients, free or paid, will be able to benefit from this new feature and the extra layer of protection it provides to their websites and web applications.

"By now, the need for Two Factor Authentication should be quite obvious. Still, many website owners and web developers shy away from 2FA, mostly due to the complexity of integration," Igal Zeifman, Incapsula Product Evangelist, told EHN.

"We aim to change that by providing a flexible and easy-to-use 2FA solution – a solution that anyone can use to secure their login pages, internal portals, staging areas and web applications."

Adriana Lima FuckTape! - Another Facebook spam campaign use New Trick

Here we go: E Hacking News has come across a new Facebook spam campaign titled "Adriana Lima FuckTape!". I became aware of this spam after a few Facebook friends were infected by the campaign.

According to Wikipedia, Adriana Lima is a Brazilian model and actress best known as a Victoria's Secret Angel since 2000. (Sorry, I didn't know about her before cybercriminals started using her name :P)

Unfortunately, I can't post a screenshot of the spam post as it contains adult pictures. The spam post reads: "Adriana Lima FuckTape! Watch: hxxx://xxx-videotube.com/".

At first, I thought it was a real porn website (the name made me believe so, and they didn't use any URL shorteners), so I didn't follow the link and instead asked friends how users were getting infected. Then I realized that it is the spam website ;)

I followed the link and the website greeted me with a GIF image mimicking an embedded YouTube video player. The player displayed an error message saying "Sorry, you must be 18+ to view this video. Click to verify".

Here comes the interesting part: the cybercriminals have implemented a new method to trick Facebook users.

Once you click the image, it asks you to "Move the favicon out of the box". I hope you know what happens when you follow the instructions: your account is compromised.


When you drag the favicon, you are actually dragging the URL opened in the small browser window (the URL contains your Facebook access token). You are unwittingly handing over your Facebook access token to the cybercriminals. Using the stolen token, they can post from your Facebook account.

This new method is quite different from the one used by the spammers in the recent spam campaign titled "She went inclusively nuts and lost all control of the razor-sharp axe".