The Inquirer-Home

Carberp Trojan makes Facebook users pay to unlock accounts

Sophos reveals koobface gang
Wed Jan 18 2012, 10:46

SECURITY FIRM Trusteer has revealed that the latest strain of the Carberp Trojan tricks users into using an e-cash voucher to unlock their accounts.

The malware swaps Facebook for a fake login page that claims the user's account is temporarily locked, known as a man-in-the-browser attack. They must then fill out a form of details including name, email, address, year of birth and one for an e-cash voucher to 'unlock' their account.

Facebook Carberp Trojan

Amit Klein, CTO of Trusteer said, "Unlike attacks against online banking applications that require transferring money to another account which creates an auditable trail, this new Carberp attack allows fraudsters to use or sell the e-cash vouchers immediately anywhere they are accepted on the internet."

To unlock the account a €20 Ukash code must be entered that will "added to your main Facebook account balance". Of course this is not the case and the page will not unlock the Facebook account and the attacker will use the voucher code.

The hackers behind another piece of Facebook malware, a botnet called koobface that gave the group control of thousands of computers, have been named. An investigation by security outfit Sophos has revealed the group after a long and thorough investigation.

Independent researcher Jan Drömer and Dirk Kollberg of Sophos tracked them down through a series of "schoolboy social networking errors".

The group of five individuals consists of Roman K., Svyatoslav P., Alexander K., Anton K. and Stanislav A. Sophos made it clear that they have not been charged or found guilty but all evidence has been handed over to law enforcement agencies. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015