Facebook CAPTCHA no match for spyware attack

Hackers have found automated way to evade Facebook security, create rogue accounts

By Brad Reed , Network World , 10/01/2009

Hackers have found a way to create automated Facebook pages and are using them to spread spyware to unsuspecting users, says antivirus and Internet security firm AVG Technologies.

In a blog entry posted Thursday morning, Research Chief Roger Thompson said that AVG's LinkScanner users had started detecting some "rogue spyware attacks" that were coming from Facebook pages. When AVG started looking at the pages, it noticed that the Facebook profiles featured pictures of the same woman and merely had different names to differentiate them. Each page had a link to a supposed video that would infect user computers with spyware if clicked.

Thompson says that there are likely untold numbers of such rogue Facebook profiles on the Web right now, meaning that the hackers have somehow found a way to bypass Facebook's CAPTCHA system that requires users to retype a series of letters to activate an account. Thompson said that while Facebook will certainly delete any rogue accounts it finds, the accounts "can't be an easy thing for them to find" and will thus be difficult to eliminate.

The Facebook spyware attack coincides with an FBI warning released today saying that cybercriminals are increasingly using social networking websites such as Facebook to launch attacks. Among the popular techniques used by hackers are hijacking a user's account and sending spam to their friends that leads to a phishing site; creating applications on the site that include malware or rougue antivirus software; and using malware to gain access to users' personal information on their profiles.

http://www.networkworld.com/news/2009/100109-facebook-spyware.html?source=NWWNLE_nlt_security_2009-10-02

Justamente lo que estabamos platicando en la clase esta semana, romper los captchas.... creo que esta noticia nos da una idea de la realidad de las cosas o de la situación, los atacantes cada vez van mejorando sus tecnicas y van enfocando sus activiades a sitios que pueden ser muy redituables para ellos, como las redes sociales. Lo interesante sería saber el método que utilizaron para romper los captchas de facebook, para darnos una idea del conocimiento que se necesita para llevarlo a cabo. Definitivamente creo que los atacantes siempre van a estar un paso adelante de los encargados e investigadores de seguridad y el reto estará en llevarles el paso o tratar de aventajarles.