PHP.net users that would like to access php.net were unpleasantly surprised today. Google flagged the website as suspicious and users of the Google Chrome and Mozilla Firefox browsers saw a security warning when they tried to visit the website.
According to the Google diagnostic page, suspicious content was found on php.net on October 23rd, 2013. Three domains were mentioned; cobbcountybankruptcylawyer.com, stephaniemari.com, and northgadui.com (owned by the same GoDaddy account) which were said to distribute malware to visitors of the site. Read more…
Recently, we have seen many Facebook posts with links leading to applications called Give Hearts, Drink It Up and Daily Horoscope. The applications are very popular – they have over 5 million monthly users – and are managed by the same provider called App Discovery Engine. The posts attracted my attention because they seem to be posted automatically. The entire post consists of the URL which contains quite long text separated with ‘+’. (Later we will see that the text is a horoscope that you see on the page of the application).
To begin investigating these apps I follow the link leading to the Give Hearts application. It redirects me directly to the application. But before I can use it I am asked to grant Give Hearts access to information on my Facebook account like my email or friend lists.
Another wave of Facebook phishing is spreading among Facebook users. Imagine you get a message from another Facebook user with a link to a new amazing Facebook app. Even if the sender is not your friend, you decide to go to the link. Instead of an application you see a fake Facebook login page. But here’s the catch – you don’t know it’s a fake!
Recently we have encountered a lot of Facebook apps which do nothing but redirect users to a fake Facebook login page. You cannot recognize from the link that the application has no real content. The URL of the application looks like http://apps.facebook.com/app_id where app_id is 15-digit identification number of the application. The application link usually contains its name (http://apps.facebook.com/app_name), but using the application ID in the link is also possible.