Facebook Dislike Button - Beware, Scam Spreading

A new facebook scam message is spreading rapidly and has gone viral among the facebook users,  It looks like that Facebook has became most favorite play ground for spammers, After the Dad Catches Daughter on Webcam scam it seems like Facebook Dislike button has gone viral, Here is the screenshot of the Facebook dislike button scam message:

Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!

 Now as you can see from the above screen shot the link "Activate Dislike Button" looks genuine and it appears to be where the Share button is placed. Once the victim clicks on the "Activate Dislike Button", He arrives on a page where it asks to paste a JavaScript on to his/her address bar. Once the victim does that, The same message get's posted on his/her wall.

How It Works?

As I told you above that the "Activate Dislike Button" appears where the "share" button is usually placed, This is all because of the javascript, The Javscript which the victim pastes in his/her address bar actually renames the "Share" button to "Activate Dislike Button" but the functionality of the button is same due to which the message get's posted on the victims wall.

Is it a Virus?

Yes it is, When I clicked on the "Activate Dislike Button" it brought me a to page where I was asked to paste the javascript, suddenly my Antivirus(AVG) popped up indicating the virus to be some kind of "Social Engineering(Security)type 1710" virus.

It looks to me as it's a part of russian malware, Which once executed properly will leak your email passwords like Facebook, Yahoo, hotmail, Ebay, Paypal etc to the hacker.

Virtox Virus Mis-belief

Some of websites I came across which were telling that it's a Virtox virus, but the truth is that there is no such virus known as "Virtox" and it might be made up by a person who started this scam

Low Antivrus Detection Rate


I used Virus total's URL scanner for analyzing it and I was really shocked to see the antivirus detection rate to be as low as 5/42, Here is the screenshot:

Warning

This whole testing process was performed in a virtual environment, Don't Attempt to try it on your own computer or you will result in infecting your self, If you think that you have been infected, Scan your system with a Good Antivirus.

Hope you have liked my post and I hope in you won't fall for these scams in your near future, If you want to reproduce this article, make sure you give the credit to the original author and the website.If you would like to know more about facebook scams kindly Join our Facebook Fan Page.

What Is Doxing? - Doxing And It's Uses

First, let me explain what Doxing is. Doxing is the process of gaining information about someone or something by using sources on the Internet and using basic deduction skills. Its name is derived from “Documents” and in short it is the retrieval of “Documents” on a person or company.


You’re probably thinking, “Okay, so basically it’s getting information from searching someone’s email on Google right?” in a sense yes, but there are actually easier ways to get someone’s information online. The most popular and most common method is to use a website called Pipl (http://www.pipl.com/). Pipl allows you to search for full names, emails, usernames, and even phone numbers, thus making it a very useful tool for hackers. Another source hackers can use is Facebook (http://www.facebook.com). Sure, Facebook allows full name searches, but most hackers aren’t using it for its name search; they’re using it for its email search.


The main goal when Doxing is to find the target’s email (if you don’t have it). Your email is essentially your passport online; you sign up for websites using it, you have personal information on it, and if someone has access to it, they can essentially pretend to be you online. Once the hacker has the email, all he has to do is put it into Facebook or Pipl and he will be able to find you, assuming the email he has is connected to some account you have online. On the flipside of this, in order to find your email, the hacker either has to guess your email, befriend you on Facebook,or, hack one of your vulnerable friends and view your email that way. Once he’s done that, you’re in trouble.


Now, you’re probably thinking, “How’s he going to hack me with just my email?” well, that’s where Doxing comes in handy. If he can view your Facebook account, or he can find some other bit of information about you using Pipl, he can do what’s called reverting. Reverting is the process of using the target’s email’s recovery questions to gain access to the target’s email. Now, you may be thinking, “How’s he gonna guess my recovery question answers?” well, take a second look at your recovery questions and ask yourself, “Can someone find this answer online?” If you answered yes, then you’re vulnerable to reverting.
Any hacker reading this, that didn't previously know about reverting, would probably look at this and say

“This would never work!” but you have to remember… we’re all humans, and we all make mistakes. Surprisingly, this method works more often than you’d think, but it is not for anyone who is lazy. Doxers tend to spend a while searching around the web for information that they can use.


Chances are, you’ve made some mistakes online, and if a skilled Doxer finds that mistake, then you’re in trouble. The Doxing method is based purely on the ability of the hacker to recognize valuable information about his target and use this information to his benefit. It is also based around the idea that, “The more you know about your target, the easier it will be to find his or her flaws.”

How can you insure that you won’t be Doxed? Well, as the Internet becomes more and more useful and addicting, it will become harder to not get Doxed. The main issue for most victims is their security questions, and their password security. If a victim has a very easy-to-find recovery question, then the victim will be easily reverted within a matter of seconds. Also, if the victim has a simple password, it could get brute forced simply by using a wordlist that applies to the victim’s interests, likes, and fancies (of course, this method is not as popular).


So, the main rule to not getting hacked is: Have secure passwords, and almost impossible to guess recovery questions. The main rule to not getting Doxed is… to just stay off the Internet; but, who wants to do that?

About The Author

This was a guest post by David from www.MrCracker.com, where david writes related to hacking and security stuff, David also hosts a hacker podcast called Crackercast.

DAD CATCHES DAUGHTERS ON WEBCAM - Beware Facebook Viral Scam

As Facebook is one of the most widely used social networking website around, It is being hit by lots of viral scams, Today I just came across one of those viral scams when one of my friend on facebook shared a link on his wall, "[VIDEO] DAD CATCHES DAUGHTERS ON WEBCAM [OMGGGG].AVI", The title of the link looked suspicious to me so i thought to figure out exactly what was going around.

[VIDEO] DAD CATCHES DAUGHTERS ON WEBCAM [OMGGGG].AVI[LINK]two naughty girls get caught in the WORST moment while making a vid on their webcam! omg!!

When I clicked on it, I was redirected to a page where I was asked to click a button to play the video, The moment I saw it I noticed that it was a flash file and was not a real video.

This was just to fool the users and making them download the adobe flash plugin in order to play the video, Once I clicked on the button "Download Codec", A file named Freecodec.exe started to download, which made me think if it's a keylogger or a trojan but the file happened to be clean according to the "No virus thanks 32 Scanner".

Ultimately I was redirected to a webpage which was promoting a tool called Profile Stylez and the Freecodec.exe was the installation file for the Profile Stylez tool.

After viewing the source code of the page I found the following line of code which was responsible for spreading the link to your facebook wall, Any one with the basic knowledge of Html and IFrame would certainly know what this code is exactly doing, Here we actually discover a vulnerability in like.php code which abuses users trust for viral spreading of the links.

<iframe allowtransparency="true" frameborder="0" scrolling="no" src="http://www.facebook.com/plugins/like.php?href=www.blackinfopages.com%2Fi?4dcef0f134a10&amp;send=true&amp;layout=standard&amp;width=450&amp;show_faces=true&amp;action=like&amp;colorscheme=light&amp;font&amp;height=80" style="border: none; height: 80px; overflow: hidden; width: 450px;"></iframe>

Lastly I scanned the file Freecodec.exe on http://www.virustotal.com as I was a bit unsatisfied Novirusthanks due to my experience in past and guess what Symantec antivirus and VBA32 recognized it as a Trojan.Dropper.

Master Plan

So according to me the master plan was actually promote the tool and at the same time install malware in to victims computer and control their computers at the same time.

Security Measures

• Avoid clicking on those posts titles which have words such as "OMG, WOW, DAMN" they are most likely to do the same thing
• Always install any kind of Plugins and codecs from the official website, You might be installing malware along with the plugin.
• Always scan a file with an online virus scanner such as virustotal before running it on your own computer.

Hope you have liked my post and I hope in you won't fall for these scams in your near future, If you want to reproduce this article, make sure you give the credit to the original author and the website.

If you would like to know more about facebook scams kindly Join our Facebook Fan Page.

Can I Become A Good Hacker Without A Prior Knowledge Of Programming??

"Can I become a good hacker without knowning Programming?", "Is Programming necessary for learning how to hack", I usually get these question asked almost daily, There have been lots of debates on this topic, Some think that it's necessary while others think that it's not necessary at all, So I thought to write a post on this topic explaining my views if programming is necessary for becoming a hacker or not.

The answer is that it depends:

Why it's not necessary?

In early 90's the best hackers were known as those who were best at the knowledge of programming and the reason for that was probably that almost every thing was based on a command line so it was for sure that if some one is a good hacker he is surely a good programmer.

However the definition of hackers sort of changed after the beginning of 21'ST century, One could become a fairly good hacker without any knowledge of programming, This reason for that is because now a days there are lots of ready made tools which helps you to compromise a machine without any knowledge of Programming, Take an example of "Havij", Havij is a small software which helps you automate the process of SQL Injection and helps you extract sensitive database information in seconds where it may take hours in some cases to extract it, If you still don't agree with me try answering the following question:

Does it matter if an elite hacker writes a buffer overflow or a script kiddy runs a tool if the target system gets compromised anyway?

Where It's Necessary?

It's true that many good hackers are technology buffs and are curious about how things work, this is where you need to have prior knowledge of Programming in order to know how things work.

Another reason is why you should probably learn Programming is that you can write your own exploit (An exploit is a peice of code which can be used to gain access to the target machine using a specific vulnerability), which is the single most important thing which will separate you from rest of the script kiddies out there and most of the times some of the exploit codes comes with several code mistakes which are kept by Elite hackers themselves to prevent script kiddies or people with very little knowledge of hacking to run it.

In Short:

You can become a fairly good hacker without having a prior knowledge of programming but if you want take your hacking skills to the next level I will recommend you to learn Programming now the question which might arise in your mind is that what Programming languages should I learn?, I will cover it in my upcoming posts.

Feel free to express your views on the topic, Whether you agree with me or not?

An Introduction To Keyloggers, RATS And Malware

If you are one of our facebook fans than the chances are that you might have heard that I will be launching my newset book very soon, So the wait is finally over, Today I have decided to launch my new book "An Introduction To Keyloggers, RATS And Malware", The book is completly dedicated to newbies who are looking forward to play with keyloggers, Rats and various other forms of malware or are curious to know how they can protect their PC's from getting infected with Trojan, worms and other forms of viruses.

The book takes you right from the beginning from basics to some advanced types of attacks too, In this book I have also reviewed various types of best keyloggers out there so you can find it easier to to choose the best one according to your needs.

How Much Does it cost?

Well here is the best part , unlike my other products such as "A Beginners Guide To Ethical hacking" and "Facebook Hacking Course" i have decided to give this e-book for free, The reason why I am giving this e-book for free is because lots of people cannot afford the costs of my products, so I don't want any one to miss the chance of getting hands on it.

My aim is to create awareness among the individual related to Ethical Hacking and Security, This is probably the reason why I am running this blog in the first place. Every single day thousands of people fall for these types of attacks and end up loosing their sensitive data such as their username and passwords and in the worse case some of them end up loosing their credit card numbers too.

By reading this e-book I am very confident that you will be able to protect your computer from most of these types of attacks.

You can download the book here