Hackers bypassed the social networking site's captchas to
create new accounts at will.
Facebook on Thursday was hit with yet another spyware attack.
This time hackers managed to crack the security captchas
-- the words or letter combinations that users are asked to
retype when registering -- to create new Facebook accounts
designed to steal users' account and personal information.
Roger Thompson, chief of research at AVG Technologies,
detailed this latest scam in a blog post Thursday morning.
He said that this new tactic was "one of the first if not the
first time" that hackers were able to compromise the Facebook
captcha.
"We're seeing a lot of these, all from different profiles,
but with the same picture and link," Thompson said. "I'm sure
Facebook will deactivate all these accounts as quickly as they
find them, but it can't be an easy thing for them to find."
Facebook spokesman Simon Axten told InternetNews.com the
social-networking site is working to identify all the bogus
accounts in order to disable them en masse.
"The URL contained in the profiles has already been
blacklisted by the major Web browsers and blocked from being
shared on Facebook," he said. "We're looking into how these
accounts were created, but it's very likely that the sign-up
process was manual, or that the person behind the attack
farmed out the captchas to be solved by humans for a price."
Axten said Facebook uses an outside captcha company,
reCAPTCHA, for the security feature. reCAPTCHA was acquired
by Google last month and, according to Facebook, is a highly
regarded provider for sites including Ticketmaster.com.
Facebook and its more than 300 million members are no
strangers to the exponential increase in attacks on social
networking sites in the past few years.
Along with a series of so-called "419" scams, Facebook has
been tagged by all manner of hacking schemes, including a
February attack when spammers hijacked a Facebook group with
more than 1.5 million users.
Security software vendor Websense last month reported that 95
percent of user-generated comments on blogs, message boards
and chatrooms are spam or contain links to malicious code.
"On the education front, we encourage users not to click on
strange links and to take appropriate steps if they feel their
computer or Facebook account has been compromised," Axten said.