Facebook: Two Phishes in One Day

Softpedia is reporting that Facebook was the subject of two phishing attacks within a span of twenty-four hours, both reaching victims through the site's applications platform. The first was reported by security expert Christopher Boyd (blog), who found that the attack used an application called Customer Dispute; the second, reported by Rik Ferguson (blog), used a sex-themed application.

Boyd reported that the Customer Dispute application did not open a genuine application page at all, but instead cloned a Facebook URL that eventually led to a "404 - Page Not Found" error. The error page was served by the hosting provider Ridgeway, not by Facebook, which sent Boyd searching Google; he found a hacker forum where the author of Customer Dispute had once posted. The author had admitted to the scheme long before Boyd discovered the scam and had removed the page. Ridgeway deleted the author's account, and the forum thread eventually disappeared.

The second phishing attack, discovered by Rik Ferguson, sent numerous notifications to Facebook users asking them to check comments made on one of their posts; the notifications appeared to come from an application that supposedly had over 287,000 fans. According to Ferguson, the hyperlinks in the notifications led users to a malicious website.

"The server loads up a JavaScript before immediately using HTTP meta refresh tags to pull up the real Facebook website and prompting the victim for their login credentials," he said. "The attack site is registered to an Arsen Tumanyan who allegedly resides in Armenia, the domain is registered through GoDaddy and the URL leads to an IP address that resolves to the Amazon Elastic Compute Cloud (EC2) cloud."

Ferguson said that the attack did not directly steal financial data, but rather account credentials, which could then be used to send spam or further phishing attacks to other users.
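As an added example, not code from the article or from the researchers it quotes, the following Python (standard library only) parses a fetched page for meta refresh redirects of the kind Ferguson describes and flags those that bounce from an unrelated host to a protected brand's domain, or to a host that merely contains the brand name. The page URLs, hostnames and sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Matches a refresh content attribute in its common spellings: "0; url=http://..."
_REFRESH_RE = re.compile(r"\s*(\d+)\s*[;,]?\s*(?:url\s*=\s*)?['\"]?([^'\"\s]+)", re.I)


class MetaRefreshParser(HTMLParser):
    """Collects (delay, target) for every <meta http-equiv="refresh"> in a page."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):  # HTMLParser lower-cases tag and attribute names
        if tag != "meta":
            return
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = _REFRESH_RE.match(attr.get("content", ""))
        if m:  # a bare content="5" is a reload, not a redirect, and is ignored
            self.targets.append((int(m.group(1)), m.group(2)))


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _on_brand(host, brand):
    return host == brand or host.endswith("." + brand)


def assess_page(page_url, html, brands):
    """Classify each meta-refresh redirect in a fetched page against protected brand domains."""
    parser = MetaRefreshParser()
    parser.feed(html)
    page_host, findings = _host(page_url), []
    for delay, target in parser.targets:
        target_host = _host(urljoin(page_url, target))
        if target_host == page_host:
            continue  # same-site refresh, not a redirect worth flagging
        kind = "cross-domain"
        for brand in brands:
            if _on_brand(target_host, brand) and not _on_brand(page_host, brand):
                kind = "bounce-to-brand"  # off-brand host auto-loads the real brand site
            elif brand.split(".")[0] in target_host and not _on_brand(target_host, brand):
                kind = "brand-lookalike"  # brand name embedded in an unrelated host
        findings.append({"delay": delay, "target": target, "kind": kind})
    return findings


# Constructed sample pages mimicking the reported lure: a script tag, then an instant refresh.
LURE_PAGE = """<html><head><script src="/track.js"></script>
<meta http-equiv="Refresh" content="0; URL='https://www.facebook.com/'"></head></html>"""
LOOKALIKE_PAGE = '<meta http-equiv="refresh" content="0;url=http://facebook-security.example/">'
```

In practice the same check is run on the final body of each link pulled from a suspicious notification, and a "bounce-to-brand" or "brand-lookalike" finding on a zero-second refresh is a strong trigger for further analysis of the landing host.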