Tuesday, April 26, 2011
Fake Facebook app out to steal passwords: Expert - Today Online
Symantec has recently observed a Facebook application out to steal passwords. Accompanied by the sensational headline "Tornado Randomly Appears During Soccer Game", the page forces the download of a script, which displays a Facebook login message. If the user is already logged into Facebook, the app will log the user out and request a login.
After the user enters their login details and clicks the Login button, the fake application sends two POST requests: one to Facebook.com, and the other to the malicious server. The request sent to the malicious server contains the user's email address and password. Even attentive users who double-check the URL information bar to determine the destination of the URL will only see "apps.facebook.com" when the login form is displayed, even though the credentials will be posted to a malicious site.
The bogus app also "likes" the link in an automatic post, which will be displayed on the user's profile, thus encouraging more users to click on the video. Symantec has also observed a similar attack hosted on the same IP address, with a different subject title: "Video: This is the best April Fools' prank ever!" This attack also employs the same technique to steal usernames and passwords from Facebook users.