Category: hijack.

Britney Spears has her Twitter account hacked Once More

Just over two months ago I explained on Twitter why I was next Britney Spears. In a nutshell, I pursue Britney on Twitter not because I’m involved in her music or her complex private life, but since it’s the best way of getting a heads-up on when her account next gets hacked.

Ironically enough, I wasn’t on Twitter nowadays as I was downward in London language at the “Information Security in the Public Sector” meeting about social networking threats.

So, where’s the irony? Well, while I was chatting about some of Britney’s past plight on Twitter her account was being hacked – again!

This occasion the bad guys replace her wallpaper and profile picture with emblems signifying she was part of some conspiratorial masonic secret world government (as far as I know, this isn’t true about Britney, although I have from time to time supposed she might be a shape-shifting lizard):

Some post were also posted to her legions of followers (over 3.7 million at the last count);

I expect that the new world order will arrive as soon as possible! -Britney

And

I give myself to Lucifer every day for it to arrive as quickly as possible. Glory to Satan!

 

I deduce we should be thankful that these hacks appear to have been mindless damage rather than aggravated by more malicious intentions. Imagine, for example, if the hacker had posted a message saying “Free tickets to a secret concert” which had taken some of Britney Spears’s millions of ardent fans to a malicious website? It’s not clear at this stage how Britney’s Twitter account was compromised – but probably the most likely bet is that a simple easy-to-crack password was being used or that one of Britney’s team fell for a phishing attack.

The Twitter account of Britney Spears does come into view to have now been brought back to order, and regret was posted to her followers:

 

However the attack happened it’s a opportune reminder to all of us (whether responsible for Twitter accounts with a small or huge following) to take greater care with our online security.

Video scam Of Osama Shoot down spreads on Face book

Face book user are being tempt to tick on links to what purport to be a video of Osama bin Laden life form shot, in the newest in a sequence of scams exploit the hot news story of the Al Qaeda leader’s death.

 

The messages come into view as follows:

 

Watch the Osama Shoot down video

Osama Dead – Censored Video Leaked

on.fb.me


Osama is dead, watch this exclusive CNN video which was suppressed by Obama Administration due to level of violence, a must watch. Leaked by Wiki leaks.Clicking on the link, though, will not right away show you some amazing recording of US Navy Seals attacking Osama bin Laden’s mix in Pakistan.

Instead, you’re told you will have to take an online survey.

That ought to be sufficient to set your alarm bells ringing – as survey scams are a continuing trouble on Face book, earning scammers payment with every survey they run to trick users into implementation.What’s most appealing about this scam is that they trick you into cutting-and-pasting a line of JavaScript into your web browser’s address bar.

Not that you’ll comprehend that you’re doing that, of course. As far as you know all you’re doing is following a sequence of commands and keyboard presses before you watch the video. But any time you paste a script into your browser’s address bar; you’re efficiently running code printed by the scammers without the safety net of shield.

Before you know it, you’ll be distribution the news of the “Osama Shoot down video” with all of your Face book friends, and the scam will be dispersion virally.My guess is that you don’t desire to make it so easy for the scammers to run their scripts on your browser – so don’t fall for scam like this.

 

Be very careful not to be fooled by scams related to Osama bin Laden’s death, not just on Face book but on other parts of the internet too. Such a big news story always seems to attract the interest of fraudsters and malware authors.

If you want to keep up-to-date on the latest scams, and are a member of Face book, don’t forget to join the Sophos Face book page to keep informed about the most recent security news.

Face book comment-jacking? OMG! I can’t believe JUSTIN Bieber did THIS to a girl

It’s preliminary to appear like Face book can’t win next to those who wish to use their overhaul to scam, spam and just cause difficulty. Over the last day or so, a new kind of assault has been dispersal using the phrase “OMG! I can’t believe JUSTIN Bieber did THIS to a girl”.


 

It leads to a page asking you to confirm a simple math problem to “prevent bots from slowing down the site”. In actuality, it is another click jack-type scheme in which you are asked to type the answer into a box. It doesn’t matter what you type, because it’s a social engineering trick. What you are actually typing is a comment that is used to share the link with your friends on Facebook. You can see the tooltip that says “Add a Comment” in the screenshot.

 

This bypasses Face book’s recent attempt at detecting likejacking fraud. Links you comment on are not using the same mechanisms that Facebook is monitoring when you click “Like”. Many moons ago, the first Facebook attacks started with illegitimate applications asking for permission to access your wall and spread their messages by spamming your friends through wall posts. While this worked well, it was a bit easy for Facebook to track down and remove the bogus apps.

 

Early in 2010 we saw the first attempts at like jacking. This technique involves layering one image over the top of a Like button and tricking the victim into clicking something that appears to play a video or a continue button, when in fact they are clicking the Like button hidden underneath. More recently we have seen the attackers trying lots of new techniques. In the past few months we have seen them tagging people in photos they are not in to get you to click, inviting people to fake events and even making you an administrator of a Facebook page that isn’t yours.

 

While protecting yourself may not be as simple as not clicking anything that says “OMG!” that isn’t a bad start. Be skeptical, understand that messages from your friends may not in fact have been sent to you willingly, and if you are really tempted to click, take a short timeout to conduct a Google/Bing search.As of the time of this writing some of the YouTube videos this scam leads to have been removed by YouTube. However, one video that is still working has over 525,000,000 views since February and thousands of comments in the last 24 hours — in other words, since this Facebook scam has been making the rounds.

Ashley Greene’s nude pics being distorted by hackers in web scam

Bare pictures of actress Ashley Greene have fallen into the hands of cyber crooks who are misusing them to hack into people’s computers.

The ‘Twilight’ star, which portrays the position of Alice Cullen in the hit vampire movie, before endangered to file a court case alongside anybody who posted her leaked naked pictures on the Internet.

The 22-year-old was said to have caught the notice of hackers, who have been flooding the web with hundreds of scoundrel links using the pictures to steal personal information and bank details or spread viruses. Graham Cluley, from web security firm Sophos, warned surfers against aperture the links over possible refuge threats.

“Thousands of people will be searching Google for these pictures right now and the hackers know it,” The Sun quoted Cluley as saying.

“There are more and more malware attacks targeting both PC and Mac users – so whatever system you use, infection could be just a click away.

“My advice is that if you’re a fan of Ashley Greene – go see her movies in the cinema or on DVD, don’t hunt for naked images of her on the internet,” Cluley added.

Jackson suicide spam hides virus

A Windows e-mail virus is annoying to entangle victims by claiming that Michael Jackson has attempted suicide, utter computer security firms. The message hopes to grasp people’s concentration because of the enormous attention in the on-going child abuse trial. The fake message contains a web link that supposedly links to Mr. Jackson’s suicide note. But anyone clicking on the link will have their PC invaded by a virus that gives others access to that machine.

Contagious link

The message was first discovered early on 10 June and previously anti-virus companies have seen many copy of the e-mail circulate online.The sick minds behind viruses and other malware often exploit celebrity names and news stories in an attempt to infect as many people as possible

Like many recent Windows viruses the malicious message does not use a technical trick or loophole to infect machines. Instead it relies on tricking users into infecting themselves.

The badly-spelled message – its subject line is “Suicidal attempt – claims that the suicide attempt was in reaction to the stress of the trial. A verdict is due in the case soon. Those who tick on the link in the fake e-mail to see the supposed suicide note will get a message suggesting that the site hosting it is busy.

That may not surprise people who think it might contain genuine breaking news about Michael Jackson,” said Carole Theriault, refuge advisor for security firm Sophos.

Do not click

Ms Theriault said the full of activity message is a diversionary tactic because, unseen, a virus is being downloaded on to a user’s machine.

The virus downloaded is a variant of the Borobt-Gen Trojan which gives the virus’ creator a backdoor into infected machines.

“The sick minds behind viruses and other malware often exploit celebrity names and news stories in an attempt to infect as many people as possible,” said Ms Theriault.

She urged users to be wary of clicking on links or opening attachments in unsolicited e-mail messages.

Vanessa Hudgens meet FBI to thrash out nude snap hack

Exposed photos and videos of Vanessa Hudgens, the star of “High School Musical”, have surfaced on the net, with conjecture common that they have been released by a hacker who broke into the 22-year-old’s Gmail account. So far, so usual for saucy celebrity news.

But what’s dissimilar on this instance is that not only has Vanessa Hudgens report to have met law enforcement officers to discuss the crime, but as many as 50 other celebrity are said to have been under attack by a hacking gang dead set on stealing compromising snaps and information.

Other stars said to have been in the hackers’ sacking line include actress Scarlett Johansson, who is supposed to have had a nude image stolen from her iPhone. Rumors abound that the hacking gangs have been touting the risqué+ photos and videos to websites, but might bigheaded about their online exploit have been their undoing?

It seems too much of a coincidence to me to believe that these latest reports are not associated in some way to the German inquiry that we wrote about late last year, where two hackers were accused of contravention into the accounts of over 50 pop stars, including Lady Gaga, Kelly Clarkson, and Justin Timberlake.

In that case, prosecutors claim that the hacker’s impure computers with malware in arrange to take celebrities’ credit cards details, private pictures, emails and unreleased songs.

Celebrities are only human (well, some of them.. probably not Lady Gaga) and are just as able of lousy computer security as the rest of us. Just because they are in the public eye, however, does not give anybody the right to look through their private infrastructure, take foolishly stored naked pictures from their phones, or break into their computers.

So, here’s what you should do (aside from the usual advice of running up-to-date anti-virus software, installing security patches and taking care about what programs you run on your computer):

1. Make sure that you are using a hard-to-crack, non-dictionary word for your code word and never use the same password for multiple accounts. If you haven’t already done so – make sure you read about the top 50 passwords you should never use.

2. Take care about the “secret questions” that some websites ask you to answer in case you ever forget your password. That’s how people like Sarah Palin were caught out – as it was simple for hackers to guess her answers.

3. Make sure that you have changed the PIN code on your phone’s voicemail. Too many people leave that as the default, opening up opportunities for strangers to listen to what should be private messages.

Be Aware on ‘Paramore n-a-k-ed photo leaked!’ Face book linkage

Rationalized Many Face book users are being strike by further click jacking attacks nowadays, captivating improvement of the social network’s “Like” facility. The newest entice is a link which claim to point to a website contain a bare photo of Hayley Williams,the escort singer of the American rock band Paramore.

Exaggerated profiles can be identified by seeing that the Face book user has it seems that “liked” a link:

Paramore n-a-k-ed photo leaked!

The fact that 21-year-old Hayley Williams has lately been the subject of much internet interest after a topless photo of her was leaked online is only likely to fuel attention in the naked pictures promised by these links. But take care, because all may not be what it seems. Clicking on the links takes Face book users to a third-party website which displays a message saying:

Click here to continue if you are 18 years of age or above

What the hackers have really done is very devious. They have concealed an invisible push button under your mouse, so wherever you click on the website your mouse-press is hijack. As a result, when you click with the mouse you’re also clandestinely clicking on a button which tells Face book that you ‘like’ the webpage.

This then gets available on your own Face book page, and shared with your online friends, resulting in the link spreading virally. Attacks like this can increase very fast. Judge by the number of post I’ve seen, thousands have already found it impossible to resist the idea of seeing the lead singer of Paramore naked and have fallen head-first into the “like jacking” trap.

This use of a click jacking exploit to publish the same message (via an invisible frame) to the visiting user’s own Face book page works in a similar fashion to the click jacking attacks we saw earlier this week. It’s clear that Face book needs to tighten up the way it handles the ‘liking’ of external WebPages before it is even more widely abused by hateful hackers and spammers.

If you consider you may have been strike by this attack, view the fresh movement on your news feed and erase entries related to the above links. Furthermore, you ought to view your profile, click on your Info tab and remove any of the pages from your “Likes and interests” section. If you’re a usual user of Face book, you should join the Sophos page on Face book to be kept knowledgeable of the latest security threats.

And, please, if you have Face book friends or associates that have fall foul of this attack please care them about it, and suggest that they click a small more carefully in future. Update fascinatingly, the same third-party website hosting the “Paramore naked photo” click jacking assault is also carrying another webpage containing a click jacking assault connected to teen heart-throb live feeling Justin Bieber.

If you click on a Face book “like” link declaring

Justin Biebers Phone Number Leaked!

Then you may find physically taken to a webpage which says “Click here to continue”.

If you do click then you will have your mouse-press hijacked (declaring to all of your Face book friends that you “Like” “Justin Bieber’s Phone Number Leaked!”) and you will be obtainable with what is claim to be Justin Bieber’s phone number and speak to in Florida.I have no method of effective if the phone number and address are real, and I don’t think it’s suitable to share them regardless, so I’ve pixilated them out in the screenshot above.

Of course, it’s not the first time we’ve seen Justin Bieber’s popularity exploited by cybercriminals.