Facebook Under Massive Phishing Attack From China
Written on August 10, 2008 – 8:40 am
Steven Carrol, Next Web WebTipr France
Facebook is under attack from numerous phishing scams. It looks like the network effect is coming into full swing, allowing these scams to spread virally. The worrying thing about these scams is that they are increasingly sophisticated.
Even Firefox’s alert warning “Get me out of here” did not work on this site (the second time it did). I can find no trace of the domain’s IP address, as it is not listed on whois.bizcn.com (who are their registrar).
This is the URL: FACEilBOOK.com.
How the phishing attack works
You’ll get a message from one of your friends telling you to log in; if you do, you compromise your default username/password. What worries me is that many people are lazy and use the same passwords for their other online accounts (such as PayPal etc.). Therefore, these attacks can become extremely malicious.
This is the information I have on the above scam:
Registrar: BIZCN.COM, INC.
ns1.4everdns.com
ns2.4everdns.com
changfeng zhang
03783306601 fax: 03783306601
kaifenghuanghedadao246hao61
kaifeng henan 475100
cn
Clearly these are dangerous people. If you do compromise your password, you could find yourself in one big identity theft mess.
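As an added illustration (not code from the original post), the check below flags hostnames whose registrable label is a near miss of a protected brand, which is the trick FACEilBOOK.com relies on. The brand list, the look-alike substitutions, the distance threshold and the naive one-label-TLD split are assumptions made for this example.

```python
# Added example: flag hostnames that imitate a protected brand name.
BRANDS = ["facebook", "myspace"]          # assumption: defender-maintained list
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]  # look-alikes


def registrable_label(host):
    """Label left of the TLD, lowercased (naive: assumes a one-label TLD)."""
    parts = host.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def skeleton(label):
    """Collapse look-alike character sequences and drop hyphens."""
    for seq, repl in CONFUSABLES:
        label = label.replace(seq, repl)
    return label.replace("-", "")


def edit_distance(a, b):
    """Levenshtein distance, keeping only the previous row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host, max_distance=2):
    """Return ('exact' | 'lookalike' | 'clean', matched brand or None).

    'exact' only means the label equals the brand; the TLD is not checked.
    """
    label = registrable_label(host)
    skel = skeleton(label)
    for brand in BRANDS:
        if label == brand:
            return ("exact", brand)
        if brand in skel or edit_distance(skel, brand) <= max_distance:
            return ("lookalike", brand)
    return ("clean", None)


if __name__ == "__main__":
    # Hosts quoted on this page, plus the genuine site for comparison.
    for host in ["FACEilBOOK.com", "www.fanebook.com",
                 "newvids.vidid902812.facecooks.com", "www.facebook.com"]:
        print(host, classify(host))
```

A threshold of 2 catches the inserted and substituted letters seen here while leaving an unrelated name such as notebook.com (distance 3) alone; raising it trades missed look-alikes for false positives.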
UPDATE: Looking for the five questions for start-ups category?

The guy who submitted this post to Digg (thanks by the way), has picked a somewhat awkward thumbnail - the one of our Five Questions for Start-ups category. It actually is a cool category, especially when you interview some crazy Dutch guys who start talking about sex immediately.
I hope you like that post!
Do you have a start-up that we should write about? Contact us! Thanks for visiting and hope you come back again!









By Steven Carrol on Aug 10, 2008
Here is the IP of part of this bastard’s network:
202.111.175.39
This is also part of the scam: Logonsish.com
These are other sites hosted on the same IP
[Reply]
By dupo on Aug 10, 2008
If you log on with a non-existing email and password, beware that it takes your cookie to log on anyway with the right email and pass…
I accidentally did this, any suggestions now?
[Reply]
By Steven Carrol on Aug 10, 2008
dupo, change your pass in FB
[Reply]
By dupo on Aug 10, 2008
Did that, together with all my other passwords. Except for Windows Live (for MSN). And now I’m not able to log in to MSN because the passes are wrong… Thank god my Gmail account is not compromised, just my MSN list…
[Reply]
By arkin on Aug 11, 2008
I’m not 100% on this, but from a web developer’s point of view:
Clear your cache, including files, cookies, saved passwords and history. Then log in to your Facebook (and other sites) normally, reset the passwords and you should be fine.
This is on the basis your accounts’ passwords are still the same :)
[Reply]
By brian on Aug 11, 2008
I’m using Opera Mini at the moment… can my passes be compromised as well?
[Reply]
By erichansa on Aug 11, 2008
Thumbnail aside, this is good info. I never log on to anything from inside an email; I always go to the site itself, but then I am a bit paranoid :-)
[Reply]
By Alex on Aug 11, 2008
It’s not just about facebook. It’s part of the safe computer and internet usage. Don’t open password sensitive websites from emails or untrusted websites. Never Ever.
[Reply]
By jasonking on Aug 11, 2008
I hope that it is not aimed at my country …
it’s just an example ….
[Reply]
By Jim McDosh on Aug 11, 2008
LOL, as long as they don’t mess with MySpace I am OK with it!
JT
[Reply]
By Ryan on Aug 11, 2008
http://i30.photobucket.com/alb.....hising.jpg
[Reply]
By Steven Carroll on Aug 11, 2008
http://www.journeyman.tv/download.php?id=17206
This is a link to a documentary about Chinese hackers.
[Reply]
By Steven Carroll on Aug 11, 2008
No doubt this will be the next domain used which still does not come up with the Firefox warning.
http://www.fanebook.com
[Reply]
By Mendy on Aug 14, 2008
dupo are you sure that it “takes your cookie” or did you just still have the facebook cookie in your browser so when it redirected to the home.php page it went back to your account? I went ahead and changed all my passwords that were stored in my cookies just in case, but I’m thinking it’s more likely that it just records emails/pwords that you put in.
[Reply]
By Tyler on Aug 14, 2008
So two questions about 2 different situations (and please, help in layman’s terms…):
1) I got linked to the fanebook site, but didn’t type anything in and left immediately. Do I have any worries about my saved logins and passwords for any/all of my websites?
2) A friend of mine actually attempted to login with their facebook info. I would assume they should immediately change the facebook password, but do they have worries for any other passwords that might be saved on their browser?
For clarification - we both have MacBooks. Thanks for any and all help!
[Reply]
By Steven Carroll on Aug 14, 2008
Tyler
1) no
2) yes
If they submitted the info then they would have compromised their details. In which case, change all passes on all sensitive sites that are the same.
[Reply]
Thanks for the quick response Steve.
For more clarification on the second situation - does it actually gather the saved passwords from the other sites? Or does it just have the one facebook password and hopes that it is the same as all other websites?
Also, what kind of time frame would she be looking at to change the information before anything happens? She entered last night. And, after switching all passwords, what kind of “extra” steps should be taken?
EDITED: Also, if passwords to different sites aren’t saved to the browser, but used regularly, should those be changed as well? I am just trying to understand and learn about these phishing sites and how to prevent any problems that might occur if I run into other friends with the same issue.
Thanks for all the insight and help!
[Reply]
By Steven Carroll on Aug 14, 2008
The problem is people sometimes use one pass for many sites. The phishing scams work to get info from, say, FB, then no doubt, I assume, try these details in PayPal etc. So if the passes are the same then this is a problem, and all should be changed if they are the same.
Normally, from my understanding, the phishers will change the passes of sites they gain access to, locking you out. This is so they can abuse your network etc.
[Reply]
Great! Thanks for the help! I completely understand the changing of other passwords to be safe. So, kind of in closing, in essence they really only get the password that is typed in, nothing else. If that happens to be a password for another one of your accounts then they can use it for those as well (paypal, bank accts, bill paying accts, myspace accts, etc). Would they need the login name as well?
Again, thank you for all the help! You really are a “life” saver!
EDITED: Oh, and for one more final clarification: they will not be able to gain access to any of your browser-saved passwords (obviously unless it is the same as your FB password)? Just want to be very clear on this part, haha. Thanks again!
[Reply]
By Steven Carroll on Aug 14, 2008
No, they cannot get anything from your system unless you give it to them, and they would need both user and pass for all systems.
[Reply]
Thanks again Steve. I really appreciate it.
[Reply]
By Catie on Aug 19, 2008
It places a tracking cookie, so it can access your history, saved passwords etc.
[Reply]
By Jessica on Aug 20, 2008
When I had facebook, I used the same password as I do for my MSN. I never changed it when I deleted my facebook.
This is the link I clicked:
http://newvids.vidid902812.facecooks.com/
This is what it said:
Unable to complete forwarding for fanebook.com. The URL where this domain is being forwarded to is listed as spam in some spam lists. For information regarding the lists, please use the following informatino: Blocked, fanebook.com on lists [ph], See: http://www.surbl.org/lists.html
Unfortunately, we can’t provide any assistance in removing your domain from the list(s). Please contact list owner directly.
Should I be worried?
[Reply]