Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: You got a sec? - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
You got a sec?

Have you ever been asked if "You got a sec?" by a friend via Facebook chat?

Well, one of our readers wrote in asking if we've seen this before.   The scenario described to us is such:

  • A Facebook chat pops up from a friend with:
    "Hey [your name] you got a second?"
  • If / when you reply, immediately a message returns similar to
    "I can't score higher than 600 on the quiz, do you think you can? [link provided]"
  • If you click...

Although, I have not personally experienced this type of incident, it smells of spam and or an app from the dark side.  It is important to understand this could be any number of things.  If you experience an incident like this, then do not click and a good approach would be to run Ad-Aware or similar scan on your system and review your Facebook application lists for anything suspicious. In addition, BitDefender has a service in BETA called safego which works as an app on Facebook with your profile and Norton Safe Web is free service that rates websites.

So if you've seen this before, then please share it with the rest of us with a comment.

Update

Read more about safego and protecting your Facebook activity on fellow handler Lenny Zeltzer's blog.

blog.zeltser.com/post/2132741436/facebook-antivirus-protection

--
Kevin Shortt
ISC Handler on Duty

Kevin Shortt

81 Posts
ISC Handler
Or maybe someone should grab the link and send it to us and we can analyze it ;)
HackDefendr

65 Posts
Here's some info:

http://www.bitdefender.com/NW1820-en--BitDefender-Announces-Beta-Launch-of-safego-Application.html
Anonymous
I had it happen to me on 12/1. It was from a very good friend I hadn't spoken to in many months, so my radar went off when my response to the chat didn't get the response from him I would have expected.

Domains in the event included the original survey request at http://www.mind-wiz.com/invite/h3tr, which redirected to a page at http://www.mymindquiz.com.

The URLs were not shortened (bit.ly, tinyurl.com, etc). The spelling/grammer in the "Eliza" chat was not perfect, but the mistakes are typical mistakes you'd see on FB (spelling "ridiculous" as "rediculous").

I don't know if this thing pulled "mutual friends" or not. My friend and I had a couple other friends in common, and Eliza mentioned that "Bill" scored pretty high. Bill is a common friend of ours.
Anonymous
yes i got that a week or so ago. It was from a person i knew in HS but no heard from in a while.
When i contact the person directly they said their account was hacked and they got lots of reply chats. this would indicate that the parties responsible are using a third party client to send the chat messages.
Anonymous
yes i got that a week or so ago. It was from a person i knew in HS but no heard from in a while.
When i contact the person directly they said their account was hacked and they got lots of reply chats. this would indicate that the parties responsible are using a third party client to send the chat messages.
Anonymous
I got one of these last week. The linked page prompted for a cell phone number to receive the results. The Very Fine Print™ indicated that by providing the number, you would be signing up for some "service" with a $10/month fee charged to your cell phone bill.
Anonymous
I have the answer: don't be on Facebook. I've yet to be owned via social engineering on Facebook or have my account hacked because I'm not on there.
Anonymous
Solution:
That's a ridiculous statement and it floors me when people posing as security professionals make comments like that. Of course no where did you state you were a professional, so I may have jumped to conclusions there.

By your logic, then let's do away with computers all together. Go back to pad and paper and most of our problems go away.

Ah but then what becomes of innovation and technology? True security professionals know how to balance security with usability. They understand that you can spend your time denying (as you have done with social networking) or you can figure out how to use it safely so you can educate the masses.

You havent learned yet, but you will someday, that the user base will do what they want to do regardless of you and your stance. So you need to learn how to educate them of the risks to make this world better for all of us.

Your crossed arm rebellion of facebook helps no one, not even yourself. Good luck to you in your professional growth.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!