Facebook’s notification to aware people about suspected cyber attack


Sample of the newly launched notification.
Don’t ignore a notification on Facebook by the Facebook which warns its users that their accounts have been targeted or compromised by an attacker suspected of working on behalf of a nation-state.

Along with other emotions, Facebook has recently launched the notification which warns the user if it finds his/her Facebook account has been targeted by an attacker working on behalf of a nation-state.

“Starting today, we will notify you if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state,” Alex Stamos, chief security officer at Facebook, said on October 17.

He added, “While we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored. We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.”

The company has also clarified that the warning is not related to any compromise of Facebook's platform or systems, and that having an account compromised in this manner may indicate that users’ computers or mobile devices have been infected with malware.

“Ideally, people who see this message should take care to rebuild or replace these systems if possible,” the security officer said.

However, at this point, the Facebook is still not able to explain how they attribute certain attacks to suspected attackers, in order to protect the integrity of our methods and processes.

“We plan to use this warning only in situations where the evidence strongly supports our conclusion. We hope that these warnings will assist those people in need of protection, and we will continue to improve our ability to prevent and detect attacks of all kinds against people on Facebook,” he added.

Lackadaisical VAPT leads to big hole in Cyber Security



Vulnerability analysis and penetration testing (VAPT) is the bedrock for cyber security. How can one fix problems if one does not know what the problem is? Ignorance is no bliss when it comes to cyber security - one estimate of annual cost of cyber crime to global economy ranges from US $ 375 billion – US $ 575 billion. That’s a lot of money.

Pity then that many companies undertake VAPT as an eye wash for ISO 270001, to secure for themselves a compliance certificate. IT vendors/IT Consultants are usually tasked with undertaking VAPT, and these firms in turn outsource it further to so called specialists, sometimes without the clients’ knowledge.

Vulnerability testing is deeply technical issue. When one is faced with situations such as Advanced Persistent Threats (APT) and 0 Day Vulnerabilities, it needs to be borne in mind that businesses are up against highly skilled and creative hackers. Such attackers typically belong to organized criminal groups, mafia groups, Black Hat hacker groups or state backed groups.

APT attack happens when committed adversaries persistently utilize advanced technologies to compromise targets. Extremely hazardous 0 Day exploits (vulnerabilities found by hackers and never reported to security vendors) are found in Operating Systems, Application Software, Browsers’ like Chrome, Firefox, Antivirus Software, Firewall, and Internal Application Software. On an average, twenty 0 Day vulnerabilities exist in any given server. O Days have the greatest amount of success and damage rates and least probability of detection by firewalls/IDS/AV's etc.

The lack of seriousness with respect to VAPT also extends to the “purchasers” of such services. Businesses are not fully equipped to understand the complexities of VAPT. One has heard of instances where a firm sought to dictate the nature of a Test, the date, time and even the server and port/s to be tested. All this fussiness may be relevant when it comes to a haircut, but not in the context of a VAPT. Hackers, of course, are famous for not following any rules whatsoever and thumbing their noses even at hyperactive cyber defenses, leave alone amateurish ones.

The crux of the whole problem appears to lack of senior management or CISO involvement in a VAPT or a similar exercise. This is a matter that cannot be left to systems administrators or developers who are better equipped to remediate the security issues than discovering vulnerabilities.

The lack of senior management attention is often seen in the nature of testing firms recruited to undertake the assignment. Inferior manpower (tool runners abound), no post exploitation skills, - no access to ultra critical 0 Day exploits, no APT “War Gaming” skills, no real white hat hackers on board with practical experience (only people with some theoretical knowledge), limited skills on network analysis – these are some of the downsides of testing firms normally used.

Businesses need to address such issues by ensuring senior level, even board level involvement in cyber security. Further their cyber security vendor selection process needs to be more precise and demanding. Vendors need to have very deep domain knowledge, years of penetration testing experience, sophisticated tools, access of hundreds of 0 Day exploits, and staffed by established and well networked bug bounty hunters and white hat hackers.

Author:
J Prasanna
Founder, Cyber Security & Privacy Foundation

New Android Ransomware locks Victim's Phone Permanently

Security researchers at ESET have discovered the first malware that could allow an attacker to reset the PIN of anyone’s phone to permanently lock them out of their own device.

“This ransomware also uses a nasty trick to obtain and preserve Device Administrator privileges so as to prevent uninstallation. This is the first case in which we have observed this aggressive method in Android malware,” the researchers said in a blogpost.



The malware dubbed LockerPin, which spreads via an adult entertainment app called Porn Droid, could change the infected device's lock screen PIN code and leaves victims with a locked mobile screen, demanding a $500 ransom.

Researchers said that there was no effective way to regain access to infected devices without losing personal data. Rebooting the device in Safe Mode, uninstalling the offending application and using Android Debug Bridge (ADB) could not solve the problem.

In order to unlock the device to perform factory reset that wipes out all the personal data and apps stored on users device.

According to the researchers, as the lock screen PIN is reset randomly, paying the ransom amount won't give the users back their device access, because even the attackers don't know the randomly changed PIN code of their device. This is a novelty among ransomware, usually they do everything possible to unlock the device, up to and including live tech support.

If the ransomware gets installed on anyone’s smartphone, the app first tricks users into granting it device administrator rights. It does so by disguising itself as an "Update patch installation" window.
After gaining the control over phone, the malicious app goes on to change the user's lock screen PIN code, using a randomly generated number. Though the majority of infected devices are detected within the United States, the researchers have spotted the infections worldwide.


Researchers have suggested that in order to protect our smartphone from the ransomware, please do not install apps outside of the Google Play Store. Similarly, don't grant administrator privileges to apps unless you truly trust them.

WhatsApp fixed a security flaw that could allow attackers to Hack WhatsApp accounts


Hey people! In order to make sure you are protected, update your WhatsApp Web right now.

Kasif Dekel, a security researcher at Check Point, discovered significant vulnerabilities that exploit the WhatsApp Web logic, allowing attackers to trick victims into executing arbitrary code on their machines .

“All an attacker needed to do to exploit the vulnerability was to send a user a seemingly innocent vCard containing malicious code. Once opened, the alleged contact is revealed to be an executable file, further compromising computers by distributing bots, ransomware, RATs, and other malwares,” the researchers wrote in a blog.

As per the researcher, in order to target an individual, the attacker needs is the phone number associated with the WhatsApp account.

According to Kasif, WhatsApp Web allows users to view any type of media or attachment that can be sent or viewed by the mobile platform/application. This includes images, videos, audio files, locations and contact cards.

While doing the research, he found that by manually intercepting and crafting XMPP requests to the WhatsApp servers, it was possible to control the file extension of the contact card file. This means, once the victim clicks the downloaded file (which he assumes is a contact card), the code inside the batch file runs on his computer.

The researcher said that they were surprised to find that WhatsApp failed to perform any validation on the vCard format or the contents of the file, and when they crafted an exe file into this request, the WhatsApp web client happily let us download the PE file in all its glory.

WhatsApp verified and have deployed deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client.

Creepy Voice that you heard from Your Baby Monitor is not of a Ghost


Beware of the cameras connected to the Internet or the security cameras and monitoring as these systems can be easily hacked by the hackers. It camera hacking has become a serious issue now as of the potential for unauthorized people to make video recordings.

Ontario Provincial Police (OPP) issued a warning on Wednesday reminding people that these systems can be susceptible to hackers because many have an option to be used remotely enabled by default after a family from southwestern Ontario witnessed on July 7 a baby monitor watching their young child when it suddenly began playing music and a voice said they were being watched.

According to Liz Melvin, the OPP Const, the child was about to sleep in the nursery when the camera was remotely activated.  


“The camera played some eerie music and a voice could be heard indicating the parent and child were being watched,” Melvin told National Post. “Obviously it’s going to be disturbing.”

She said the family’s Internet service provider confirmed the router had been hacked and the source of the hack could be from anywhere in the world.

Although, such kid monitor hacking cases have been reported every month, Melvin said no other incidences have been reported and she wasn’t aware of any past investigations into this type of camera hacking in the area.

She said there are no suspects in the case and the investigation is ongoing.

In a bid to protect, people should use passwords to protect access to the Internet connection and access to monitoring systems. Similarly, buy cameras from trusted sources and cover them cameras when not in use.

SEBI comes up with cyber security policy for stock exchanges, depositories and clearing corporations

Securities and Exchange Board of India (SEBI), which established in 1988 to regulate the securities market in India, asked stock exchanges, depositories and clearing corporations to put in place a system that would prevent systems, networks and databases from cyber attacks and improve its resilience.

According to a report published on LiveMint, the SEBI said these Market Infrastructure Institutions (MIIs) need to have a robust cyber security framework to provide essential facilities and perform systemically critical functions of trading, clearing and settlement in securities market.

“As part of the operational risk management framework to manage risk to systems, networks and databases from cyber attacks and threats, the MII should formulate a comprehensive cyber security and cyber resilience policy document to put in place such a framework,” the SEBI said.

It is said that the SEBI also asked the MII to restrict access controls in the time of necessary.
As per which no one will have any intrinsic right to access confidential data, applications, system resources or facilities.

The SEBI has asked it to deploy additional controls and security measures to supervise staff with elevated system access entitlements.

According to the news report, the SEBI Chairman UK Sinha said that attackers are attacking in a more sophisticated manner.  

“We are worried over state-sponsored cyber attacks. There are worries that the vulnerability in markets are increasing. We need to create a framework for future plan of action on securities market resilience,” he added.

The exchanges and other the MIIs would also have to submit quarterly reports to the SEBI, containing information on cyber attacks and threats experienced by them and measures taken to mitigate vulnerabilities, threats and attacks including information on bugs, vulnerabilities and threats that may be useful for other the MIIs.

Along with this, the MIIs have to share the useful details among themselves in masked and anonymous manner using a mechanism to be specified by the regulator from time to time, to identify critical assets based on their sensitivity and criticality for business operations, services and data management.

Likewise, it should maintain up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows.

The SEBI asked market stakeholders to establish baseline standards to facilitate consistent application of security configurations to operating systems, databases, network devices and enterprise mobile devices within the IT environment and also to restrict physical access to the critical systems to minimum. 

British lady lost £50,000 in a “phishing scam”

Beware of doing any Online transaction as a lady from London has claimed that she lost £50,000, her life savings in a “phishing scam”.

According to a report published on BBC, the 59-yeat-old Vivian Gabb told in the Victoria Derbyshire’s, a British journalist and a broadcaster, was in the middle of buying a house when her email got hacked by the crooks.

She said that she was conned out of her life savings by scammers who sent her a 'phishing' email with instructions to wire the money to the “bank”.

She was unaware that every email she wrote and received was being monitored by criminals.

According to her, the criminals sent her a message disguised as a follow-up email from her solicitor and asked her to deposit nearly £50,000 into their account.

According to the news report, the Get Safe Online,  an internet safety advice website, says more than half (51%) of people in the UK have been a victim of an online crime, and 15% of people have been victims of either attempted or successful hacks of their email account.

Kaspersky Lab discovers Grabit, small and mid-sized businesses targeted

A cyber-spying campaign “Grabit” has been discovered by the Kaspersky Lab that can steal about 10000 files from small and medium-sized businesses in areas like chemicals, nanotechnology, education, agriculture, media and construction in Thailand, India and the United States.


Ido Noar, Kaspersky Lab's Senior Security Researcher from the Global Research and Analysis team mentioned that a simple Grabit keylogger was found to be sustaining thousands of victim account credentials from hundreds of infected systems on the May 15.

The virus finds its feet when a user receives an email with an attachment that is a Microsoft Office Word (.doc) file. The user clicks to download it and the Grabit is delivered to the machine from a remote server.

Due to the activeness of Grabit, it is important for the users to check the network for ensuring safety in the system.

HawkEye keylogger, a commercial spying tool from Hawk Eye Products and a configuration module containing a number of Remote Administration Tools (RATs) are used by the attackers to control their victims.


Kaspersky lab revealed that 2,887 passwords, 1,053 emails and 3,023 usernames from 4,928 different hosts including Faceook, Twitter, Skype and LinkedIn were stolen by a keylogger in merely one of the command-and-control servers.
To protect against Grabit, Kaspersky Lab has recommend businesses to follow these rules:
·         Check this location C:\Users\<PC-NAME>\AppData\Roaming\Microsoft. If it contains executable files, you might be infected with the malware.
·         The Windows System Configurations should not contain a grabit1.exe in the startup table. Run "msconfig" and ensure that it is clean from grabit1.exe records.
·         Do not open attachments and links from people you don't know. If you can't open it, don't forward it to others - call for the support of an IT administrator.
·         Use an advanced, up-to-date anti-malware solution, and always follow the AV task list for suspicious processes.

Airtel injecting Scripts into browsers? Will it Affect Your Privacy and Security?


After receiving huge criticism by its Airtel Zero plan, Bharti Airtel, an Indian multinational telecommunications services company, is now being accused of secretly injecting Javascripts, and iframes into the web browser in order to alter the browsing experience.

Thejesh GN, an info-activist and a programmer, published his findings on GitHub according to which Airtel is inserting Javascripts into user browsing sessions.

He said that the iframe tries to insert a toolbar into the browsing experience and that the parent URL of both the iframe and Javascript belongs to Bharti Airtel Bangalore.

He shared the injected script in Github.  The script is trying to inject an iframe pointing to this url "hxxp://223.224.131.144:80/l8/Layer8Servlet". 

However, Airtel has released a statement clarifying that it is building a tool to allow broadband users to get information about the amount of data they have used.

The company said that it developed new tool as non-mobile consumers demanded for easily tracking data usage while using surfing the web.

“Our customers have frequently asked us for ways of easily keeping a track of their data consumption specifically dongle and broadband users, who unlike mobile users, cannot receive real-time alerts on their usage,” Airtel said in a statement to NextBigWhat.

It is said that for an ISP, it is highly unethical to carry out such programs. However, no one has come up with any solution or anything.

In a reddit post, one of the users accused Vodafone of doing the same.

Just a month ago, a user posted the same issue in reddit.

Hackers now target banks’ websites, mobile apps


Hackers from Deep Web, which also known as Deep Net, Invisible Web, or Hidden Web, and the portion of World Wide Web’s content which is not indexed by standard search engines, are now targeting India-based banks’ websites, mobile applications and online services, say cyber security experts.

According to a report published on Deccan Chronicle on 2 June, the hackers are disrupting banking operation by pulling down their websites, mobile applications and online services.
In the last two days, hackers have targeted online banking sites of various banks including City Union Bank (CUB), Tamilnad Mercantile Bank (TMB) and Vijaya Bank.

The new report says that in hit-list of the hackers obtained from onion site on Thursday, they said that they would target a mobile app of a leading private bank. Similarly, it would be the net banking of a nationalized bank.

J. Prasanna, Founder of Cyber Security and Privacy Foundation, told Deccan Chronicle that it could be a planned attack or a technical snag. But the attack hit-list accessed from the Deep Web hackers group indicates that the attack is scheduled.

He pointed out that it looked like an attack but people had to do serious investigation to confirm it. Bank managements often take such issues more seriously than they actually were.

S. Sekar, senior general manager at the CUB, told Deccan Chronicle that the server of the bank was down on Tuesday because of heavy traffic.

He said they were searching for the reason behind the problem. They also contacted the IT service provider.
The TMB was targeted on Wednesday morning by the hackers.

Arun Vasan , IT manager of the bank, told Deccan Chronicle the attack happened at the network level.

‘India should learn from Russia and China agreement’ says security expert

India should learn from the recent cyber-security agreement between Russia and China where both of the countries have agreed to not launch cyber-security attack against each other said an Indian cyber-security expert on Thursday.

J. Prasanna, cyber-security expert and one of the founders of Cyber Security and Privacy Foundation (CSPF), an organization which solves the cyber security problems, said that India should join such initiatives as it provides a chance to share information among law enforcements of different countries.  

“The agreement is good for China and Russia,” he said.

“However, such agreements are only possible when both of the sides (countries) have equal capabilities,” said Prasanna. “Similarly, they should have advanced cyber capabilities.”

According to the agreement, which was signed on May 8 and provided by The Wall Street Journal, Russia and China agreed to share information between law enforcement agencies, share technologies and ensure security of information infrastructure.

Similarly, these countries have agreed to not “destabilize the internal political and socio-economic atmosphere," or "interfere with the internal affairs of the state".

The agreement is said to be the result of the revelations about US and Western nation hacking and surveillance operations by former US National Security Agency contractor, Edward Snowden. After the revelations, Russian lawmakers had demanded for tighter control over the Internet.

It is also believed that the agreement shows that Beijing and Moscow support changes to global Internet governance that would reduce the traditional role of the U.S.

Last year, Russian Communication Minister Nikolai Nikiforov said Russia was preparing an action plan as a backup plan in case the segment of the Internet was shut down from outside.

“For Russia the agreement with China to cooperate on cyber security is an important step in terms of pivoting to the East,” Oleg Demidov, a cyber-security consultant at the PIR Center, an independent think tank focusing on international security, told to The Wall Street Journal. “The level of cooperation between Russian and China will set a precedent for two global cyber security powers,” Mr. Demidov said.

WoW players targeted with Fake version of Curse Client containing malware


Blizzard yesterday warned World of Warcraft(Wow) players regarding a new malware disguised as Curse client that attempts to hijack victim's accounts.

The fake version of the Curse Client is served in a fake version of Curse Client website.  The fake website is appeared in the search results when users search for the Curse client in major search engines.

If you believe you are one of the victim or want to make sure yourself, you can download the updated MalwareBytes software.  It is currently detecting and removing the malware in question.

If you are good at technical, you can also follow a manual removal method posted by one of the user in their support forum. 

There are 20 out of 48 antivirus detect the malware in virus total.  However, some of the major antivirus failed to detect the malware.

Users are always advised to download the softwares from official website or trustworthy third-party websites such as softpedia, cnet.

Reserve Bank of India warns public against use of Virtual Currency Bitcoin


The Reserve Bank of India(RBI) has issued a warning against the use of Virtual currencies such as controversial Bitcoin saying that they poses a potential financial, legal and security related risks.

RBI warned in its press release that creating, trading or using any of virtual currencies including Bitcoin, Litecoins, bbqcoins, dogecoins are not authorized by any central bank or monetary authority.

RBI said since the virtual currencies are stored in digital form(electronic wallets), they are prone to losses arising out of hacking, loss of password, compromise of access credentials, malware attack.

The warning comes few days after Chinese government banned the use of Bitcoin in their countries Banks, pointing out the risks of using Virtual Currency.

Earlier this month, the French Central Bank also issued a warning about the Bitcoin transaction. 

Hacker sent emails from hacked Police account


The Belington Police has issued a warning about a spam email purportedly from the Belington Police department.

According to The Exponent Telegram, an account of a police officer has been hacked by cyber criminals and sent around 500 emails from the hacked account.

Sgt. J.L. Hymes told the exponent Telegram that the email will ask recipients to donate money saying it is for a child in Ukraine.

Hymes said police will contact the recipients either in person or by phone. They also provided a department contact number ((304) 823-1613), in case the residents want to verify any police contact.

Cyber Security Awareness: How a Grandma got phished by a Hacker

Christmas is getting closer, children are expecting gifts from Santa Claus.  I'm not sure whether Santa is going to send gifts to your children but definitely cyber criminals have much interest to send phishing emails for you.

Now you should be extreme caution about the emails claiming to give special Christmas offers or free Christmas gifts.

University IT at The University of Rochester has uploaded a funny video in Youtube called "Grandma Got Phished by a Hacker" to create awareness of cyber security.




They have conveyed the warning message about phishing mails in funny way.

The University also has launched a new service called "Proofpoint Targeted Attack Protection", which is designed to improve the protection of University mail systems against phishing attacks.

CyberTech 2014, International exhibition & conference for Cyber solutions


CyberTech 2014 (cybertechisrael.com) is one of the best International Cyber security conference going to happen in Israel which is Inaugurated by Israeli Prime Minister, Mr.Benjamin Netanyahu.

Leading multi-national companies, over a hundred start-ups, private and corporate investors, experts and many more are going to participate in this event.

The keynote speakers of the event are leading cyber security experts including Chairman and CEO of Kaspersky lab 'Eugene Kaspersky', Head of the Israeli National Cyber Bureau 'Dr.Eviatar Matania',  Senior Vice President of Cisco Systems 'Bryan Palma'.

Cyber Security Privacy Foundation(CSPF) is interested to take a delegation of corporate/companies to Israel.

Indian companies who would like to tie up with Israeli hi-tech cyber start-ups can contact CSPF.  If you need any assistance in getting VISA to Israel for the conference, you can also contact CSPF.

Contact Details of CSPF: Founder@CySecurity.org


Facebook spam abuses Microsoft Translator

We recently investigated the facebook spam that abuses McAfee URL Shortener and Google Translator and published our report.

Today, we have come across a new facbeook spam campaign that abuses Microsoft Translator for redirecting victims to the spammer's site.  I have come across different variants of this spam campaign within last 24 hours.

The list of variants used in this campaign includes the old profile viewer trick " Profile Viewer version 4.6 : Check who views your profile at link in Description".

Facebook profile viewer spam

Facebook SPAMs

Unfortunately, i can't share the screenshots of other variants as it contains adult images.  So , here i am sharing only the description in the SPAM picture:

  • Look what she did after drinking , Video link in description
  • Looks like she enjoyed it, Video link in description
  • They gone too far 
  •  Massive japanise org* sports, Follow the link to watch video
  • Beautiful girl on facebook, click on the link to know about her
  • Got caught making hot video on cam, Video link in description
  • You can't believe she did it in bus,  Follow the link to watch video
  • Got caught in library, Video link in description
  • "She was seduced by her own uncle, find video link in description
All of the spam posts contain a "j.mp" link (url shortener) that redirects the victim to the Microsoft Translator page.  The Microsoft Translator is abused to hide the original spammer website and is used for redirecting to spammers website.

What's worse about these spam campaign is even security researchers fall victim to the spam.  Today, one of my friend fell prey to a post that promising "Free Gift Card to spend at Starbucks!".  So, it is useless to blame a normal users.  I believe they will realize their mistake once they find them-self victim to the attack.

Please share this article with your friends and spread the awareness about facebook spams.

Stay tuned..! I'm starting my investigation on this new campaign ;) This article will be updated if i find anything interesting.

90+ Russian Malicious domains used by Kelihos group taken down by Malware Must Die

Exclusive: Malware Must Die(MMD), the team which is dedicated to Malware analysis research, has taken down more than 90 Russian domains which have been confirmed as malicious.

It is part of their ongoing operation named "Operation Tango Down", an operation that deactivate the malicious domains with the help of Authorities - Several malware domains have been suspended.

Today, MMD announced that they are shutting down 97 .Ru Domains that serves the notorious Kelihos Trojan for the Red Kit Exploit Kit. 

Suspended Malicious .Ru domains - Image Credits: E Hacking News

According to the blog post , "the Kelihos Trojan were distributed in (mainly) East European (Ukrainian, Latvia, Belarus, Russia) and Asia servers (Japan, Korea, Taiwan and Hongkong) as the secondary layers, with also using the scattered world wide hacked machines".

You can find further details and full list of suspended domains at their blog: http://malwaremustdie.blogspot.jp

Facebook Spam abuses McAfee URL Shortener and Google Translator


We yesterday got a notification about a new facebook spam from one of EHN's reader.  What's interesting about this new spam is that it abuses the McAfee URL shortener for hiding the malicious URLs.

The spam post contains an adult picture saying "Emma Watson Star of Harry Potter made a sex Tape"  and "Link in the description".


Clicking the link will take the victim to the Google Translator page.  Within few seconds, you will be redirected to another page from translator - The page is hosted in a free hosting service "altervista.org".

As usual, the victims are asked to copy and paste the URL that contains the facebook access token in order to verify your age.

Facebook Access token stealing - Image Credits: E Hacking News


Once you clicked the "Activate" button , it will display a pop-up saying "8 New comments". Clicking the "continue" or next button will take you to a facebook app that asks the users to give permission for accessing your public profile, friend list, email addresses, birthday.

The spammers didn't ask your birthday for not sending birthday wishes :P .  The collected information will be used in future spam or for any other malicious purpose.

Permission to Access personal Information - Image Credits: E Hacking News

In the background, the spam post will be posted in your wall and your groups on behalf of you with the stolen access token. From what i observed, the spam also abuses the alturl, tinyurl, linkee and other url shortening services.

We have already warned you that Facebook is not the right place to watch porn.  Please spread this article and create awareness about the facebook spams.

Update:
We got a notification from one of our users that the same group is posting spam post with Twilight star Kristen Stewart name.

Update 2:
Redirection flow:
Url shortener link-->Google Translator --> fiddle.jshell.net --> plgngl.info -->ngltoken.altervista.org

The whois details of plgngl.info:
  • Registrant Name: Ngl Power
  • Street : Nonteladico 23
  • City : Roma
  • Email address: ngl@live.it

Other Domains registered by the same person:
buzzingcl.info
buzzingam.info
worldwarez.info
2fun4u.info

The 2fun4u.info has a text saying "If you're here maybe you're trying to steal my scripts. If so good luck" with a page title "NGL's viral scripts".

The plgngl.info has also been used in the Rihanna sex tape Facebook spam attak at the starting of this year.

*Update 3 - Tracking the Spammer:
Me and My friend "Janne Ahlberg" investigated the spam and found some interesting stuffs.  Here, I am sharing with you what we have found.

We started our investigation with the Domain Registrant name "Ngl Power". With few hints, we have managed to find the profile of the cyber criminal in one of the Top underground hacking forum.

He is distributing malicious facebook spam scripts to other cyber criminals.  From our investigation, we found that he is doing the distribution of malicious scripts since 2010.  It appears he is the criminal behind several Facebook spam campaigns.



He has provided malicious script for following SPAM campaigns:
  • "RIHANNA'S BIGGEST SCANDAL", 
  • "98 Percent Of People Cant Watch This Video For More Than 15 Seconds"
  • "Busty Heart - The woman that can smash things with her br****ts!"
  •  Man accused of trying to hide stolen TV in his pants 
  • Find Your Facebook Stalkers
  • Dad walks in on daughter... EMBARRASING!!! 
  • This is what Happend to his Ex GirlFriend
  • John Cena  died of a head injury
  • Justin Bieber Sex Tape

Janne found one of the thread posted in the forum by another cyber criminal  "kira2503" saying "NGL's money is refunded" with a screenshot where it displays the possible real name of the NGL.



However, what i observed from the thread is that it appears the spammer(NGL) got scammed by a scammer(kira2503). So we can't be sure whether the name provided in the screenshot is true one or not.

Our investigation leads to a "Facecrooks" facebook fan page where they have warned about the facebook spam.

One of the comment posted by user in the page reads "Really Angelo Tropeano?? You think with a pic of Facecrooks x'd out .. on a thread > Warning us NOT to click links Anyone is going to fall for your malware attempt?? Shameful. Reported".

One more user posted a comment "the troll known as angelo's link resolves to a html file on tumblr hxxx://static.tumblr.com/c5apoln/7Prmiktpx/cena.html? 93561071".  Following the Tumblr link leads us to the "hxxx://plgngl.info/tkn".  Yes it is the same domain used in the recent attack.


Following profiles might be associated with the spammer:

YouTube Profile: hxxx://www.youtube.com/user/nglyt2

Spammer's Blogger

Blogger  : hxxx://www.blogger.com/profile/11389969837864256446


Spammer's Twitter account

Twitter :  hxxxx://twitter.com/ngltw

We are still investigating the campaign.  If we find anything interesting, we will update.

Hackers convince bank to send $15000 wire transfer with the help of Hacked Gmail account


It is time to enable the Google two-step authentication feature.  If the website is providing you additional security feature, it is always good to use that feature.  This news will help you to understand the risk of ignoring the additional security feature.

Cybercriminals hacked the Gmail account of a Dubai based Indian expatriate Anil Abraham and used the account to convince bank to transfer $15,000 from his bank account in India.

When Anil contacted the Bank, he was told by the Branch Manager that the Money was transferred at his request only via email.  The cybercriminals are reportedly send a signed document with the email to trick the Bank into transfer the money.

According to Emirates247 report, the money was transferred to someone named Garry Albert Frazer to Westpac bank account in New Zealand.

Anil said whoever hacked into his email id had managed to steal fianancial information and managed to use those info to write email to Bank with forged signature.

I'm still wondering how bank allowed the cyber criminal to steal the money, they usually don't allow us to transfer money via email accounts without any personal verification.  As far as i know, Bank always careful when it comes to big amount of transfer - $15,000(nearly 90,0000 Rupees).

Though it is mistake of Bank, It is always good to enable security feature on your side.  Don't wait until your account get hacked, Enable the Two-step authentication : http://www.google.com/landing/2step/