The Syrian Electronic Army (SEA) operates with at least the tacit support of the government. In recent weeks it has targeted the Facebook and YouTube accounts of Syrian activists to obtain login credentials and infect their computers with malware.
- In May 2011, a man-in-the-middle attack against the HTTPS version of the Facebook site was launched with the support of most Syrian ISPs. It seems the Syrian Telecom Ministry was involved too.
- In February 2012, CNNtech reported the deployment of computer viruses like Backdoor.Breut against Syrian opposition activists.
- Three waves of attacks were reported by EFF.org in March 2012. At first, a PDF document was delivered via a Skype message from a known friend. It installed a remote administration tool called DarkComet RAT, which can capture webcam activity, disable the notification setting for certain antivirus programs, record keystrokes, steal passwords, and more.
- Afterwards, links to a fake YouTube page were distributed by email and chat. Visitors were attacked in two ways: the page required them to enter YouTube login credentials in order to leave comments, and it installed malware disguised as an Adobe Flash Player update.
- During the third attack in March 2001, phishing links were spread in pro-revolution forums on Facebook to obtain the Facebook login credentials of activists.
- In April 2012, the Facebook security application FacebookWebBrowser.exe was promoted to Syrian activists in Facebook comments. FacebookWebBrowser.exe is a malicious application which logs keystrokes and steals login credentials for email accounts, YouTube, Facebook, Skype, and others.
- For the past few days, a Skype Encryption Tool has been promoted to Syrian activists. The application does not encrypt anything. Instead of encrypting Skype traffic, it downloads malware.
In many cases, compromised accounts were used for malware distribution, so people may think the message is coming from a friend.
Attacks on Facebook accounts are not a new idea of the Syrian Electronic Army. The Agence Tunisienne d'Internet (ATI) used JavaScript injection to obtain login credentials of Facebook accounts a year ago. But this intensity of attacks is new in cyberwar.