Comments for Guy's super-duper site http://gfreeman.wordpress.com Yet another Freeman spectacular Sat, 17 Oct 2009 16:05:22 +0000 http://wordpress.com/ hourly 1 Comment on How many countries can a citizen visit without a visa? [Bonus Economist Graph Edition] by JOHNSON,NIGERIAN http://gfreeman.wordpress.com/2009/03/05/how-many-countries-can-a-citizen-visit-without-a-visa-bonus-economist-graph-edition/#comment-3600 JOHNSON,NIGERIAN Sat, 17 Oct 2009 16:05:22 +0000 http://gfreeman.wordpress.com/?p=104#comment-3600 WHICH IS VISA FREE TO GUINEA REPUBLIC WHICH IS VISA FREE TO GUINEA REPUBLIC

]]> Comment on The Ainu of Japan believe that the world is supported by a Giant Trout and that sin is caused by otters. by Anonymous http://gfreeman.wordpress.com/2009/05/25/the-ainu-of-japan-believe-that-the-world-is-supported-by-a-giant-trout-and-that-sin-is-caused-by-otters/#comment-3598 Anonymous Sun, 20 Sep 2009 20:43:08 +0000 http://gfreeman.wordpress.com/?p=138#comment-3598 its not very good you know!!! its not very good you know!!!

]]> Comment on Facebook trojan? by Mark http://gfreeman.wordpress.com/2009/09/03/facebook-trojan/#comment-3593 Mark Sun, 06 Sep 2009 16:52:39 +0000 http://gfreeman.wordpress.com/?p=177#comment-3593 Thanks for sharing! I received a notification this morning, and your site was the first one I checked out! : ) - Captured a screen cap and posted it to photobucket and on FB to share with friends. I've also sent it along to FB support. Thanks again! -Mark Thanks for sharing! I received a notification this morning, and your site was the first one I checked out! : ) – Captured a screen cap and posted it to photobucket and on FB to share with friends. I’ve also sent it along to FB support.

Thanks again!
-Mark

]]> Comment on Facebook trojan? by Sam http://gfreeman.wordpress.com/2009/09/03/facebook-trojan/#comment-3592 Sam Sat, 05 Sep 2009 17:06:41 +0000 http://gfreeman.wordpress.com/?p=177#comment-3592 I received a notification that I had a gift from a friend. Clicked it, it showed the same website url, but nothing happened. I am using Windows 7 with google chrome. I have mcafee anti-virus on my computer as well. I tried doing an update and it said that my gdeltaavv.ini file was corrupt and could not update the DAT. I ran it again and it downloaded fine. Coincidence? I have no idea. I changed my facebook password on another machine and i'm running a full system scan. Any other suggestions? I received a notification that I had a gift from a friend. Clicked it, it showed the same website url, but nothing happened. I am using Windows 7 with google chrome.

I have mcafee anti-virus on my computer as well. I tried doing an update and it said that my gdeltaavv.ini file was corrupt and could not update the DAT. I ran it again and it downloaded fine. Coincidence? I have no idea.

I changed my facebook password on another machine and i’m running a full system scan. Any other suggestions?

]]> Comment on Facebook trojan? by kitten http://gfreeman.wordpress.com/2009/09/03/facebook-trojan/#comment-3589 kitten Thu, 03 Sep 2009 22:12:00 +0000 http://gfreeman.wordpress.com/?p=177#comment-3589 hi, I've been keeping an eye on this tonight cause I was also caught out, by the looks of things it's just facebook information it's stealing, do you think there's any threat to our passwords for other sites? hi, I’ve been keeping an eye on this tonight cause I was also caught out, by the looks of things it’s just facebook information it’s stealing, do you think there’s any threat to our passwords for other sites?

]]> Comment on Facebook trojan? by John Wilander http://gfreeman.wordpress.com/2009/09/03/facebook-trojan/#comment-3588 John Wilander Thu, 03 Sep 2009 21:19:37 +0000 http://gfreeman.wordpress.com/?p=177#comment-3588 I rather think it's a cross-site request forgery than a cross-site scripting attack. My take on this: The suspicious site 'fastredbk' knows that anyone accessing it is simultaneously logged on to Facebook since that's where the links are spread. fastredbk contains a request to facebook.com. That request will be issued in the victims browser, thus using the victim's Facebook account. The request is a one-click attack that sends notifications to all the victim's friends, attaching a link back to fastredbk. Then of course fastredbk can contain various kinds of malware to exploit vulnerable browser plug-ins and such. So victims might well be compromised as well as spread the worm on to their friends. As I said, the explanation above is just my guess. I rather think it’s a cross-site request forgery than a cross-site scripting attack.

My take on this:
The suspicious site ‘fastredbk’ knows that anyone accessing it is simultaneously logged on to Facebook since that’s where the links are spread. fastredbk contains a request to facebook.com. That request will be issued in the victims browser, thus using the victim’s Facebook account. The request is a one-click attack that sends notifications to all the victim’s friends, attaching a link back to fastredbk.

Then of course fastredbk can contain various kinds of malware to exploit vulnerable browser plug-ins and such. So victims might well be compromised as well as spread the worm on to their friends.

As I said, the explanation above is just my guess.

]]> Comment on Facebook trojan? by Guy http://gfreeman.wordpress.com/2009/09/03/facebook-trojan/#comment-3587 Guy Thu, 03 Sep 2009 21:06:44 +0000 http://gfreeman.wordpress.com/?p=177#comment-3587 Hi Michelle, thanks for your research. Reading the article, though, it doesn't strike me as the same phenomenon, because that required installing the rogue app. Here, unless I'm mistaken (and John's story fits with this), only clicking on the rogue notification is required. Perhaps it's a cross-site scripting (XSS) attack? Hi Michelle, thanks for your research. Reading the article, though, it doesn’t strike me as the same phenomenon, because that required installing the rogue app. Here, unless I’m mistaken (and John’s story fits with this), only clicking on the rogue notification is required. Perhaps it’s a cross-site scripting (XSS) attack?

]]> Comment on Facebook trojan? by Michelle http://gfreeman.wordpress.com/2009/09/03/facebook-trojan/#comment-3586 Michelle Thu, 03 Sep 2009 20:52:42 +0000 http://gfreeman.wordpress.com/?p=177#comment-3586 After a little more poking around, I suspect that it's a new incarnation of "rogue apps" that were reported two weeks ago (first on Trend Micro and later on CNet News). Here's an article from CNet about them: http://news.cnet.com/8301-27080_3-10313618-245.html After a little more poking around, I suspect that it’s a new incarnation of “rogue apps” that were reported two weeks ago (first on Trend Micro and later on CNet News). Here’s an article from CNet about them:
http://news.cnet.com/8301-27080_3-10313618-245.html

]]> Comment on Facebook trojan? by John Wilander http://gfreeman.wordpress.com/2009/09/03/facebook-trojan/#comment-3585 John Wilander Thu, 03 Sep 2009 20:49:19 +0000 http://gfreeman.wordpress.com/?p=177#comment-3585 Hi! I'm the Swedish guy who wrote about the what-I-presume-is-a Facebook worm. It seems the bogus message links only appear in the notification meny in the lower right corner. The "message" never appears in the inbox. The friend who unknowingly sent me the link told me he got a message himself, clicked it, ended up at a broken "My photos" page and closed it. In the mean time he had sent a bunch of links to his Facebook friends. Seems like a CSRF that exploits a bug in the notification service. /John Hi! I’m the Swedish guy who wrote about the what-I-presume-is-a Facebook worm.

It seems the bogus message links only appear in the notification meny in the lower right corner. The “message” never appears in the inbox.

The friend who unknowingly sent me the link told me he got a message himself, clicked it, ended up at a broken “My photos” page and closed it. In the mean time he had sent a bunch of links to his Facebook friends.

Seems like a CSRF that exploits a bug in the notification service.

/John

]]> Comment on Facebook trojan? by Michelle http://gfreeman.wordpress.com/2009/09/03/facebook-trojan/#comment-3584 Michelle Thu, 03 Sep 2009 19:41:50 +0000 http://gfreeman.wordpress.com/?p=177#comment-3584 I got one today too; the icon looked like a gift but the notification was that I had a message. When I saw that the address it was trying to load was not on Facebook, I stopped it immediately, so I don't know whether those php errors you report would have resolved for me. Right now I'm not finding anything about it other than this page, so it must be a new attack (presuming it's an attack, that is). I got one today too; the icon looked like a gift but the notification was that I had a message. When I saw that the address it was trying to load was not on Facebook, I stopped it immediately, so I don’t know whether those php errors you report would have resolved for me. Right now I’m not finding anything about it other than this page, so it must be a new attack (presuming it’s an attack, that is).

]]>