Showing posts with label Facebook Hack. Show all posts

Friday, January 6, 2012

Worm steals 45,000 Facebook passwords, researchers say



More malware is worming its way onto social networks.
  A computer worm has stolen 45,000 login credentials from Facebook, security experts have warned.
The data is believed to have been taken largely from Facebook accounts in the UK and France, according to security firm Seculert.
The culprit is a well-known piece of malware - dubbed Ramnit - which has been around since April 2010 and has previously stolen banking details.
Facebook told the BBC that it was looking into the issue.
The latest iteration of the worm was discovered in the labs of security firm Seculert.
"We suspect that the attackers behind Ramnit are using the stolen credentials to login to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further," said the researchers on the firm's blog.

"In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services to gain remote access to corporate networks," it added.

'Viral power'

Social networks offer rich pickings for hackers because of the huge amount of personal data that is stored on them. Increasingly malware is being updated for the social networking age.

"It appears that sophisticated hackers are now experimenting with replacing the old-school email worms with more up-to-date social network worms. As demonstrated by the 45,000 compromised Facebook subscribers, the viral power of social networks can be manipulated to cause considerable damage to individuals and institutions when it is in the wrong hands," said Seculert.

According to Seculert, 800,000 machines were infected with Ramnit from September to the end of December 2011.

Microsoft's Malware Protection Center (MMPC) described Ramnit as "a multi-component malware family which infects Windows executable as well as HTML files... stealing sensitive information such as stored FTP credentials and browser cookies".

In July 2011 a Symantec report estimated that Ramnit worm variants accounted for 17.3% of all new malicious software infections.

For Facebook users concerned that they have been affected by the worm, the advice is to run anti-virus software.

"It won't necessarily be obvious that you have been attacked. The worm is stealing passwords so it is not going to announce itself," said Graham Cluley, senior security consultant at Sophos.

Wednesday, October 5, 2011

Trick to Generate fake Facebook Comments or set your Fake Facebook Status


Facebook is one of the most loved social networking sites, and there are already many ways to have fun with friends on it.
In this post you will learn another way to have fun fooling your friends with fake Facebook comments or statuses. Fake Convos is a web service that generates fake conversations with the same design and interface as the real Facebook.
To begin, enter the name on the left side of the screen. Then set the image, which you can pull directly from your Facebook account if allowed to do so, or supply by image URL. Finally, enter the message you want to share. That’s all. In this way, any number of comments can be added with different profile names and photos.
There are other similar services, like FacebookQuotes, which claim to do the same thing, but the results don’t look real, with a blurred display picture and an unrealistic background design.

4. How keyloggers are used for Hacking a Facebook Password or Account


Keyloggers are not new to us; they are used for cracking the passwords of email accounts or for getting personal info. Keyloggers fall into two categories: hardware devices, mostly used in cybercafes (Keyloggers!!!!! Be careful while you surf the Internet in cybercafes…), and hacking software.
In this post you will learn how keyloggers are used to get into someone’s Facebook account. I will discuss one widely used keylogger called L33ts keylogger, which is said to be 100% undetectable. Hacking a Facebook account is not an easy task for a beginner, but an advanced user can get the full benefit of such a keylogger.
But please note that this is for informational purposes only; I never encourage anyone to use such keyloggers to get into anyone’s personal account, as this may land you behind bars. The purpose of this article is only to tell how the so-called hacker community uses these keyloggers…
So go through the steps below to hack a Facebook account using a keylogger:
1. First you have to create a Keylogger Server to hack or store Facebook passwords.
2. Extracting the Icon from installer.
3. Bind the keylogger server with any software setup.
4. How to spread your keylogger or send it to your friends to hack their Facebook accounts or passwords.
The steps mentioned above are only an outline of the process, not the detailed info…
1. First you have to download the Keylogger from the link here
2. Extract the file, Now you will get two folders:
a. First one contains Keylogger and Binder
b. Second Contains resource hacker tool.( to extract the icons from installers).
3. Now open the Keylogger. It contains two files, one for the Gmail email and the other for the password. For this, create one test account on Gmail and enter its details here.
4. After entering the email and password, set the time interval (usually 3 mins), i.e. how often you want to receive logs from the user.
5. Now click on send verification mail. This mail tests whether your keylogger is working correctly.
6. After you click this you will receive a confirmation mail on test account which will confirm that keylogger is working.
7. Now click on generate to set the mutex (any secret key to make your keylogger FUD) and then click on compile server.
8. Now save the file to desktop or any other location of your choice. Now your server is ready but it can be easily detected.
Step 2: Extracting the icon file from any installer (Resource Hacker)
1. Open the Resource hacker folder and open the reshacker file.
2. Now go to its menu and open any setup file. Suppose we want to attach our keylogger to Ccleaner setup file. So open the Ccleaner setup with resource hacker.
3. Now in menu there is one action button click on it and then click save all resources.
4. Now save all the resources to desktop or any other location of your choice.
5. The saved resources consist of two files: one is the icon file and the other is the res file. We only need the icon file, so you can delete the res file.
6. Now we have Icon of installer file(as discussed above Ccleaner setup Icon).
Step 3: Bind the Keylogger server with any software
1. Now Go to keylogger folder and open the Binder.
2. Now Click on + button given below to add files.
3. Now add the keylogger server and the set up of software (i.e. in our case it’s Ccleaner setup).
4. Now in menu of Binder, Go to Settings. There select the icon that we have generated in the previous step and set the location of output file as shown in figure.
5. Now again go to File’s menu in Binder and click on Bind files.
6. Now your Binded keylogger is ready. Now you have to spread it or send it to the victim that is your friend.
Step 4: How to Spread Keylogger or send it to victim or friend
1. Now you have one software setup file with the keylogger attached to it. (In our case we have the Ccleaner setup with the keylogger attached to it.)
2. Now spread your keylogger through forums. You might be a member of various forums; use them to spread your keylogger in the form of software posts. You can use various software that users frequently download to spread it.
3. Spread it through pendrives or USB hard drives. Suppose a friend asks you for some software; give him the software that has the keylogger attached to it.
Note: you can also attach a keylogger to images, but that can be detected by antivirus, so avoid that type of hacking.
So isn’t it easy to hack anyone’s Facebook account in just a few minutes?
How to protect yourself from these hacks?
Prevention is always better than cure so always follow these steps:
1. Don’t use cracked software and don’t download software from unauthorized websites.
2. Always keep your antivirus and anti-spyware up to date.
3. Always scan the files before transferring them to your USB.
4. Do not allow other users to use your PC i.e password protect it.

1. How are online accounts hacked using Session Hijacking? Explained View


Yesterday I wrote an article on how a Yahoo account is hacked using session cookies. That article gave only an informative overview of session hijacking, which made me think more about it today, so let me write another article describing the whole… what session cookies are and what the methods or types are…
In today’s article we will discuss more about online session hacking, session hacking attacks and the different methods of hijacking sessions.
Though I already explained what session cookies are in the previous article, I am posting it again here just to recall…
Session cookies are strings stored when we log in to our account. Unfortunately for hackers, these strings have a very short life span, i.e. they get deleted automatically after a set period of time. Now the question is where these strings are stored. In every case there are only two places where these keys are stored: the first is the server itself and the second is the browser’s cookies. They are destroyed in three ways: first, when you close your web browser; second, when you sign out of your account; and third, if you leave your account open and idle for more than 20 minutes. In general, cookies are used to maintain sessions on websites and store the remote address of the website.
When these session cookies are exploited in any way to gain unauthorized access to a computer system or network, the whole process is termed Session Hijacking. Put more technically, it is sometimes called HTTP Cookie Theft or Magic Cookie Theft… Nowadays several websites have started using HTTPS cookies, simply called encrypted cookies. But we all know that if an encrypter exists, so does its decrypter…
So now the question arises: why is the session cookie hijacked, and how does it help a hacker gain access to a system…
As already mentioned, session cookies are the keys responsible for a person’s authentication, so if anyone gets these id… then he can easily bypass the authentication process and gain access to the machine. It would not require any reauthentication because the session is already active, so the hacker can easily access resources and sensitive information like passwords, bank details and much more. Isn’t this very terrific…
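An added example, not from the original article: a minimal server-side session store in Python that applies the lifetime rules described above (destroyed on sign-out and after 20 minutes idle), so a copied ID is only useful while the server still maps it to a logged-in user. The `SessionStore` class and its method names are hypothetical; issuing a fresh ID at login is an addition made here so that an ID known to someone else before login never becomes an authenticated one.

```python
import secrets
import time

IDLE_TIMEOUT = 20 * 60  # seconds; the 20-minute idle limit mentioned above


class SessionStore:
    """Server-side half of the session: random ID -> session record."""

    def __init__(self, clock=time.time):
        self._sessions = {}
        self._clock = clock  # injectable so expiry can be exercised in tests

    def create(self, user=None):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": user, "last_seen": self._clock()}
        return sid

    def get(self, sid):
        """Return the session record, or None if unknown or idle too long."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None  # IDs the server did not issue are never accepted
        if self._clock() - rec["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]  # expired: destroy it on the server too
            return None
        rec["last_seen"] = self._clock()
        return rec

    def login(self, old_sid, user):
        """After authentication, drop the pre-login ID and issue a new one."""
        self._sessions.pop(old_sid, None)
        return self.create(user=user)

    def logout(self, sid):
        """Sign-out removes the server-side record, not just the cookie."""
        self._sessions.pop(sid, None)
```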
Now that we know what these “Session Cookies” are, let us see the ways…..
Session Hijacking involves two types of attacks :
1. Active attack
2. Passive attack
First, the active attack: in this type of attack the hacker tries to find an active session and takes control of it by forcing one of the parties offline. This is generally achieved by a DDoS attack (Distributed Denial of Service attack). Once the hacker has the session under his control, he can execute commands on the system that either give him sensitive information such as passwords or allow him to log in at a later time. Though this is the most common form, there is also a hybrid attack, where the attacker watches a session for a while and then becomes active by taking it over. Another way is to watch the session and periodically inject data into the active session without actually taking it over.
Now let us come to passive attacks: in this type of attack a hacker hijacks a session, but just sits back and watches and records all the traffic that is being sent from or received by the computer. This is useful for finding sensitive information like the usernames and passwords of websites, Windows and much more…
Now that you have learned what session hacking is and its types, it is time for the methods involved. There are four main methods used to perpetrate a session hijack. These are:
  • Session fixation, where the attacker sets a user’s session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in.
  • Session sidejacking, where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client. Since this data includes the session cookie, it allows him to impersonate the victim, even if the password itself is not compromised. Unsecured Wi-Fi hotspots are particularly vulnerable, as anyone sharing the network will generally be able to read most of the web traffic between other nodes and the access point.
  • Alternatively, an attacker with physical access can simply attempt to steal the session key by, for example, obtaining the file or memory contents of the appropriate part of either the user’s computer or the server.
  • Cross-site scripting, where the attacker tricks the user’s computer into running code which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations.
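An added example, not from the original article: a Python check that audits the `Set-Cookie` headers of one HTTP response for the attributes that counter the methods listed above (`Secure` against sidejacking, `HttpOnly` against cookie theft through cross-site scripting, and no `Expires`/`Max-Age` so the cookie is dropped when the browser closes). The function names and the sample headers are constructed for illustration, and every cookie in the response is assumed to be a session cookie.

```python
# Attribute that must be present -> what its absence exposes the cookie to.
REQUIRED = [
    ("secure", "missing Secure: also sent over plain HTTP (sidejacking)"),
    ("httponly", "missing HttpOnly: page script can read it (XSS theft)"),
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # names are case-insensitive
    return name, attrs


def audit_set_cookie(value):
    """Return (cookie name, list of findings) for one Set-Cookie value."""
    name, attrs = parse_set_cookie(value)
    findings = [msg for flag, msg in REQUIRED if flag not in attrs]
    if "expires" in attrs or "max-age" in attrs:
        findings.append("persistent: kept in the cookie store past browser close")
    return name, findings


def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTP response."""
    report = {}
    for hname, value in headers:
        if hname.lower() == "set-cookie":
            cname, findings = audit_set_cookie(value)
            report[cname] = findings
    return report


# Constructed sample response headers, not captured from any real site.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/"),
    ("Set-Cookie", "sid=Zm9v; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "auth=xyz; Secure; Max-Age=2592000"),
]

if __name__ == "__main__":
    for cookie, findings in audit_response(SAMPLE_HEADERS).items():
        print(cookie, "->", findings or "ok")
```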

Looking for Hacking Tricks: List of Best hacking Articles Published till Date


These days the word hacking has become very popular, and the craze for it among users is tremendous… If you are also fond of hacking articles, below is the complete list of articles published on Tricksnhacking.com that you may love to read… Here goes the list. Enjoy