[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAKS4ivWsur59Zbi=D5mj4OD+3izacKtEaxkh_WM8QAFkxsV9DQ@mail.gmail.com>
Date: Mon, 4 Feb 2013 14:25:59 -0500
From: Vulncheck Security <info@...ncheck.com>
To: full-disclosure@...ts.grok.org.uk
Subject: A new Facebook Token Hijacker malware
Hello All,
A new variant of Facebook Token Hijacker is in wild. This variant is
capable of posting on behalf of victim, creating event and inviting all
friends all done by an obfuscated javascript. The main advantage of this
malware in compare to other types of phishing attack is that, it is capable
of hijacking the access token and sending the information from the actual
victim machine. In conventional phishing attack, the attacker harvest
victim's credentials for future use, however the big challenge against them
is to bypass the Identity and Access Management Controls in place where
they are asked for challenging questions in case they are logged from an
unknown location/device.
This details of this malware/phishing attack and a semi-deobfuscated
version of the malware is posted online:
http://www.faghani.info/blog
Please feel free if you need further information on this attack.
Best Regards,
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists