Solved

SN spoof

Posted on 2012-03-13
Last Modified: 2012-03-14
If on Facebook/Twitter etc. you see an update or post from a friend/contact that looks like spam, i.e. looks like they are selling something for, say, a drugs company with a link to a website. And then you ask why they are posting that and they say they have no idea, it was not them. How could/has their account been “hacked”, so to speak? I.e. what has the user done to get infected, or is there a list of how it may have happened? And if somehow some malware is abusing their account for spam postings, how can you re-establish control of the account and ensure it doesn’t happen in future? Could it be a targeted attack, i.e. target the user's account, perhaps password crack, or how else does malware infiltrate a SN account so they can post spam or other such rubbish?
Question by:pma111
9 Comments
 

Accepted Solution

by:
ahoffmann earned 250 total points
> .. can you re-establish control of the account and ensure it doesn’t happen in future.
if you mean their (the other) account, hopefully not
*you* cannot ensure that things go wrong, for that the site owner (fb, tw, etc.) is responsible
to get rid of such threads you best do not sign in and block any web bugs they use elsewhere :)

> Could it be a targeted attack  ..
could be: yes, there are some such attacks known in the past

> .. can post spam or other such rubbish?
who defines "spam", "rubbish"?
if you have your definition set up, then it's up to you to ban SN, if you don't agree with their definition, don't use it, which is up to you again

Author Comment

by:pma111
No, I mean if user A's account has appeared with 20 spam posts or tweets that wasn't them, what does user A need to do to stop this happening to them again? If anything? Change password etc.?

Assisted Solution

by:btan
btan earned 250 total points
what has the user done to get infected, or is there a list of how it may have happened?
>>User would have clicked on the URL in the email? Directed to a site to fill in more details that include email credentials or related PII? If the user has admin rights for the machine, the process may have already downloaded some app and run it in the background...or it can even be some evercookie type downloaded into the system to track your surfing behaviour...

And how if somehow some malware is abusing their account for spam postings can you re-establish control of the account and ensure it doesn’t happen in future.
>>If it is Google, I recall they have last login and that would give some hints, esp. if the user has never logged in in that period. Worse is that web email now has "stay logged in for a period", it may be calling some API supported by the Yahoo or Google email to upload info or manipulate further. Recall something like that in the GhostNet saga.... But the sent box may have some traces of that...it would also be that the source is spoofed though sending using your email signature (need to check the email header)

Could it be a targeted attack i.e. target the users account perhaps password crack, or how else does malware infiltrate a SN account so they can post spam or other such rubbish?
>> yes maybe, but for it to be targeted, are there values from the spam point of view? None, but I see a targeted attack as more stealthy rather than being "loud". Their intent may be to get more spambots or build up their distributed botnet. Likely the weak password or guessing the secondary help question has allowed entry....

Author Comment

by:pma111
>>who defines "spam", "rubbish"?


I mean, if user A's tweet appears to be selling a weight loss pill, they (user A) weren't tweeting about weight loss pills, something has done that on their behalf under the guise of their account, then subsequently I and I think anyone would see that as spam on their wall that they didn't intentionally put there.

Author Comment

by:pma111
>>>>User would have clicked on the URL in the email?

I don't know if there's been any email. Can you get infected without clicking any malicious link? If so how?


For spam posts to be appearing on your FB wall/tweets have you always 100% got some malware running on the device you access FB/twitter from?

Expert Comment

by:ahoffmann
> .. subsequently I and I think anyone would see that as spam ..
no, definitely not!
at least the vendor selling that pill ;-)

> .. that they didn't intentionally put there.
is there anything in such SN which is put there by intention and under full control of a user? I doubt
the business model of all SN is to flood advertising in the hope that the vendor who advertises pays for that
otherwise you may go for a contract with a SN vendor and then make a lawsuit if your account got wasted

personally I don't see any benefit in making an "ill by design" system healthy, however: if I get well paid for it ... ;-)

sorry for a bit sarcastic answers, but actually it's hopeless to tell (most) SN vendors to respect user's privacy, rights or even security and hence very difficult to make the user account work as you (and most intelligent humans) expect, it's a system addicted to shareholder value only, make your own opinion about it

Expert Comment

by:ahoffmann
> I don't know if there's been any email. Can you get infected without clicking any malicious link? If so how?

yes
and much worse: you can get infected by just visiting a web site without clicking anything

> ... got some malware running on the device you access FB/twitter from?
and how about malware on SN? or a combination of both? such things are still in the wild ...

Expert Comment

by:btan
Koobface is one famous worm spread using Facebook, social media is good leverage
http://blog.trendmicro.com/new-variant-of-koobface-worm-spreading-on-facebook/

interesting video - http://www.youtube.com/watch?v=oBMLt1G6qxU
> flood of junk posts is thrown onto the wall, comes in fast and goes away

Below is other info on Facebook mechanisms for detection

a) Some Facebook assistance below.
> Facebook's Roadblock tool can help verify your identity and secure your account against the spammer. http://www.facebook.com/hacked/
> If a scammer gained access to your account password via phishing attack, you can fill out Facebook's phishing report http://www.facebook.com/help/identify.php?show_form=account_phished
> Provides a separate form for reporting a malicious link or website http://www.facebook.com/help/contact.php?show_form=report_phishing

b) Implement a two-step login process. If you enable this feature, Facebook will send a verification text to your mobile device before allowing access from the new location.
https://www.facebook.com/notes/facebook-engineering/introducing-login-approvals/10150172618258920

Expert Comment

by:ahoffmann
> .. gained access to your account password via phishing attack,
well phishing is always a layer-8-problem (layer 8: the person sitting in front of the screen)

things are different if the website itself is insecure in that way that it allows website spoofing where the user is not able to detect the wrong site

phishing is a threat you can't do anything against, except take care means educate the user