You are viewing our Forum Archives. To view or take place in current topics click here.
If You Have Facebook Read

JTAG_GFX
  • New Member
Status: Offline
Joined: Oct 27, 2011 (13 Year Member)
Posts: 21
Reputation Power: 0
Anonymous' buzzworthy threat to take down Facebook on November 5th (Guy Fawkes Day) came and went without a hitch. But did the hacktivist group really just drop its mission to take down the social network?


It appears not. Yesterday, Anonymous released a video (see below) saying its programmers have uploaded a "highly sophisticated worm" that takes control of your Facebook account and spreads to your friends' accounts without you being logged in.

According to the video, which you can see below, the so-called "Fawkes Virus" has advanced network self-replication and remote abilities. Once it seizes your account, it spreads itself by making friend requests, sending private messages, and posting malicious links to your friends' walls, all without your knowledge. Anonymous also said the Fawkes Virus resembles 2008's Koobface worm which attacked Facebook and MySpace, however the Fawkes virus also receives commands from a remote attacker so it acts like a botnet too.

Based on this description, BitDefender thinks it has identified the worm using Safego, its free anti-scam protection for social networks.

"Backdoor.Bifrose.AAJX" is a backdoor that surfaced on July 8, the same day Anonymous claims it uploaded its virus. The malware gives authors full, unauthorized access to users' accounts, and hides itself by injecting malicious code into the memory process of Internet Explorer, which is how it deletes registry entries in firewalls and antivirus software.

It also acts as a keylogger, meaning it records your keystrokes as a way of stealing passwords, login names, and other sensitive information.

Like most Facebook malware, this one is spread through social engineering. It offers up a link to "New Facebook Video Chat with Voice Features," but if you click the link you begin downloading a poisoned archive called "scan_facebook.zip."

"Once it compromises a system, Backdoor-Bifrose-AAJX does pretty much what the hacktivists say, which is: injects itself in IE process, provides a remote attacker unhindered access to the compromised system, records keystrokes and kills several processes of known antimalware solutions, if installed on the computer," wrote George Lucian Petre, product manager of social media security at BitDefender, in a blog post.

But Petre said there are two reasons to think this is not the actual Fawkes Virus. First, the malware doesn't have the self-replication component Anonymous said it would. And second, a well-written Facebook worm backed by a clever social engineering strategy should be spreading pretty rapidly, which is not the case with Backdoor.Bifrose.AAJX. Furthermore most anti-scam protection detects this.

Back in July, Anonymous called on hackers to help it "destroy" Facebook on Guy Fawkes Day, under Operation Facebook. Weeks after the announcement was made, Anonymous clarified it was not actually taking down the social network, prompting many to think it was backing down.

Could the "Fawkes virus" be a reincarnation of Operation Facebook?

"After the worm gets under control, Anonymous will use this to its advantage against corruption, and as an alternative attack towards groups who take on Anonymous. We are Anonymous. We are a legion. We do not forgive. We do not forget. Expect us," the video says.

A commenter of the YouTube video who bills himself as a "legitimate member of Anonymous" said the virus was aimed at Facebook servers, not user accounts.

http://securitywatch.pcmag.com/none/290546-anonymous-unleashes-facebook-worm-fawkes-virus

Last edited by JTAG_GFX; edited 1 time in total
#2. Posted:
JTAG_GFX
  • New Member
Status: Offline
Joined: Oct 27, 2011 (13 Year Member)
Posts: 21
Reputation Power: 0
Read, it's important for Facebookers
#3. Posted:
Mikey
  • Summer 2023
Status: Offline
Joined: Jun 22, 2011 (13 Year Member)
Posts: 7,773
Reputation Power: 3100
Glad I don't use Facebook anymore, because of things like this
#4. Posted:
JTAG_GFX
  • New Member
Status: Offline
Joined: Oct 27, 2011 (13 Year Member)
Posts: 21
Reputation Power: 0
DJ_Pon3 wrote: Glad I don't use Facebook anymore, because of things like this
I just heard of it, it sucks
#5. Posted:
Z61
  • TTG Fanatic
Status: Offline
Joined: Apr 16, 2010 (14 Year Member)
Posts: 4,309
Reputation Power: 179
Eh, they said IE, i has teh Chrome.
#6. Posted:
Crxyons
  • Challenger
Status: Offline
Joined: Sep 06, 2011 (13 Year Member)
Posts: 158
Reputation Power: 6
I have never even heard of this until now
#7. Posted:
Mikey
  • Winter 2023
Status: Offline
Joined: Jun 22, 2011 (13 Year Member)
Posts: 7,773
Reputation Power: 3100
Zachman61 wrote: Eh, they said IE, i has teh Chrome.
What you don't know is that Chrome can still be infected
#8. Posted:
Dong
  • Gold Member
Status: Offline
Joined: Nov 12, 2010 (14 Year Member)
Posts: 3,695
Reputation Power: 10862
Motto: RIP to my bro Frankie | RIP Drakeo | RIP Dolph
This sucks, I'm just glad I don't use Facebook on a regular basis.
#9. Posted:
JTAG_GFX
  • New Member
Status: Offline
Joined: Oct 27, 2011 (13 Year Member)
Posts: 21
Reputation Power: 0
everybody needs to see this
#10. Posted:
sloths
  • TTG Commander
Status: Offline
Joined: Jul 19, 2010 (14 Year Member)
Posts: 6,375
Reputation Power: 284
and hides itself by injecting malicious code into the memory process of Internet Explorer

I use Google Chrome.