Free farm cash from Zynga? No, it’s another viral Facebook scam

Scams continue to be a nuisance on Facebook, with the latest posing as a way to get free cash for your farm in the popular online game FarmVille.

If you’ve seen messages like the following, don’t click on the link:

Whohoooooo..... Zynga team gave me 310 Farm Cash absolutely free YES FREE for Christmas bonus..this is so damn COOL..! They are really giving 310 farm cash bonus but for a Very short time ...This OFFER WOULD LAST AN HOUR OR TWO ONLY ...Hurry !..Get yours asap . Here on their link

Whohoooooo..... Zynga team gave me 310 Farm Cash absolutely free YES FREE for Christmas bonus..this is so damn COOL..! They are really giving 310 farm cash bonus but for a Very short time ...This OFFER WOULD LAST AN HOUR OR TWO ONLY ...Hurry !..Get yours asap . Here on their link - [LINK] Be quick !

The offer describes itself as the “310 FV Cash Christmas Offer [Zynga Official]“, but there’s nothing official about this offer and it didn’t originate from FarmVille’s developers.

If you did make the mistake of clicking on the link, however, you find yourself taken to a webpage that certainly presents itself as though it is connected with FarmVille.

FarmVille offer

Which, in turn, invites you to grant permission to a third party application to gain access to your Facebook profile.

Farm cash application request

Agreeing to this would be a mistake that plays straight into the hands of the scammers, as it gives them the ability to access parts of your Facebook profile – including the ability to post messages as though they come from you. In this way, they invite others to click on the link (your friends may be more tempted if they see “you” talking about the free FarmVille cash), and so on…

Farm Cash newsfeed update

Here you can see other wording used in the scam, designed to trick your online friends that this really is an official Zynga-endorsed offer:

GREAT NEWS! Zynga team gave me 310 Farm Cash absolutely free YES FREE for Christmas bonus..this is so damn COOL..! They are really giving 310 farm cash bonus but for a Very short time ...its a LIMITED TIME OFFER for FEW HOURS ONLY ...Hurry !..Get yours asap . Here on their link [LINK] BE FAST else you would loose a golden chance !

Be as quick as possible else you would loose a golden opportunity of getting free 310 Fv cash .
Greetings ! We the official team of Zynga Team is giving 310 Farmville cash bonus absolutely free on account of Christmas Celebration . This offer is limited FOR FEW HOURS ONLY so grab yours as soon as possible.Merry Christmas . Zynga Team Ltd.

So, why are the scammers doing this? Well, it appears that as usual they were attempting to drive traffic to a revenue-generating survey.

However, when I checked the scam out it appeared that their attempts to host code at the 123ContactForm service had flopped, as administrators there had replaced it with a warning that their terms of service had been breached.

Message on 123ContactForm website

Nevertheless, that isn’t enough for the message to stop spreading rapidly across Facebook.

Don’t allow scams like this to pollute your Facebook page – always think twice before clicking on links, even if they seem to have been shared with you by your online Facebook friends.

In particular, you should always be suspicious whenever a third party application requires to access their profile without a legitimate reason.

If you’ve been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.

Don’t forget to spread the word, warning your friends about scams like this and teach them not to trust every link that is placed in front of them. Learn more about Facebook and internet security threats by joining the thriving community on the Sophos Facebook page.

Source: Free farm cash from Zynga? No, it’s another viral Facebook scam


Posted in Naked Security, English-Italian Translations and tagged , , , by with no comments yet.

Cracking Passwords In The Cloud: Amazon’s New EC2 GPU Instances

Update: Great article about this at Threatpost! This also got slashdotted, featured on Tech News Today and there’s a ZDNet article about this.

Update: Because of the huge impact I have clarified some things here. And thanks again to my employer, the Lanworks AG, for supporting my efforts.

As of today, Amazon EC2 is providing what they call “Cluster GPU Instances”: An instance in the Amazon cloud that provides you with the power of two NVIDIA Tesla “Fermi” M2050 GPUs.

The exact specifications look like this:

22 GB of memory
33.5 EC2 Compute Units (2 x Intel Xeon X5570, quad-core “Nehalem” architecture)

2 x NVIDIA Tesla “Fermi” M2050 GPUs
1690 GB of instance storage
64-bit platform
I/O Performance: Very High (10 Gigabit Ethernet)
API name: cg1.4xlarge

GPUs are known to be the best hardware accelerator for cracking passwords, so I decided to give it a try: How fast can this instance type be used to crack SHA1 hashes?

Using the CUDA-Multiforce, I was able to crack all hashes from this file with a password length from 1-6 in only 49 Minutes (1 hour costs 2.10$ by the way.):

1
2
3
Compute done: Reference time 2950.1 seconds

Stepping rate: 249.2M MD4/s
Search rate: 3488.4M NTLM/s

This just shows one more time that SHA1 for password hashing is deprecated – You really don’t want to use it anymore! Instead, use something like scrypt or PBKDF2! Just imagine a whole cluster of this machines (Which is now easy to do for anybody thanks to Amazon) cracking passwords for you, pretty comfortable :-) Large scaling password cracking for everybody!

Some more details:

If I find the time, I’ll write a tool which uses the AWS-API to launch on-demand password-cracking instances with a preconfigured AMI. Stay tuned either via RSS or via Twitter.

Installation Instructions:

I used the “Cluster Instances HVM CentOS 5.5 (AMI Id: ami-aa30c7c3)” machine image as provided by Amazon (I choosed the image because it was the only one with CUDA support built in.) and selected “Cluster GPU (cg1.4xlarge, 22GB)” as the instance type. After launching the instance and SSHing into it, you can continue by installing the cracker:

I decided to install the “CUDA-Multiforcer” in version 0.7, as it’s the latest version of which the source is available. To compile it, you first need to download the “GPU Computing SDK code samples“:

1
2
3
4
# wget http://developer.download.nvidia.com/compute/cuda/3_2/sdk/gpucomputingsdk_3.2.12_linux.run

# chmod +x gpucomputingsdk_3.2.12_linux.run
# ./gpucomputingsdk_3.2.12_linux.run
(Just press enter when asked for the installation directory and the CUDA directory.)

Now we need to install the g++ compiler:

1
# yum install automake autoconf gcc-c++

The next step is compiling the libraries of the SDK samples:

1
2
3
# cd ~/NVIDIA_GPU_Computing_SDK/C/

# make lib/libcutil.so
# make shared/libshrutil.so

Now it’s time to download and compile the CUDA-Multiforcer:

1
2
3
4
5
6
7
# cd ~/NVIDIA_GPU_Computing_SDK/C/
# wget http://www.cryptohaze.com/releases/CUDA-Multiforcer-src-0.7.tar.bz2 -O src/CUDA-Multiforcer.tar.bz2

# cd src/
# tar xjf CUDA-Multiforcer.tar.bz2
# cd CUDA-Multiforcer-Release/argtable2-9/
# ./configure && make && make install
# cd ../

As the Makefile of the CUDA-Multiforcer doesn’t work out of the box, we need to open it up and find the line

1
CCFILES := -largtable2 -lcuda

Replace CCFILES with LINKFLAGS so that the line looks like this:

1
LINKFLAGS := -largtable2 -lcuda

And type make. If everything worked out, you should have a file ~/NVIDIA_GPU_Computing_SDK/C/bin/linux/release/CUDA-Multiforcer right now. You can try the Multiforcer by doing something like this:

1
2
3
4
# export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH
# export LD_LIBRARY_PATH=/usr/local/cuda/lib64:$LD_LIBRARY_PATH
# cd ~/NVIDIA_GPU_Computing_SDK/C/src/CUDA-Multiforcer-Release/

# ../../bin/linux/release/CUDA-Multiforcer -h SHA1 -f test_hashes/Hashes-SHA1-Full.txt –min=1 –max=6 -c charsets/charset-upper-lower-numeric-symbol-95.chr

Congratulations, you now have a fully working, CUDA-based hash-cracker running on an Amazon EC2 instance.

Source : Cracking Passwords In The Cloud: Amazon’s New EC2 GPU Instances


Posted in Stacksmashing.net, English-Italian Translations and tagged , , , , by with no comments yet.

Youth arrested over Call of Duty DDoS attack

Call of Duty

It feels like you can’t turn your back for a second without another story about distributed denial-of-service (DDoS) attacks popping up.

This one, however, has nothing to do with WikiLeaks and instead involves a co-ordinated cyber attack against a website running the popular “Call of Duty” video game.

According to news reports, a 17-year-old British teenager was arrested early on Thursday morning by computer crime police in the Beswick area of Manchester under suspicion of using malware to make the “Call of Duty” website unreachable by many online gamers.

A malicious program called “Phenom Booter” is said to have been offered for sale online, giving purchasers the ability to score more points and stop other gamers from playing.

Activision, the publisher of “Call of Duty” contacted police in September when they noticed the impact on their servers.

The youth, who has not been named, is being charged with offences under the Computer Misuse Act.

You may think that disrupting an online game server is a victimless crime, even for a game as popular as “Call of Duty”, but don’t forget that video gaming is a huge business – and the impact on publishers if their games are disrupted by malicious hackers can be significant.

Source: Youth arrested over Call of Duty DDoS attack


Posted in Naked Security, English-Italian Translations and tagged , by with no comments yet.

Video Barbie a New Form of Digital Evidence

The FBI’s Sacramento office issued a report last month warning that Mattel’s Barbie Video Girl could be used to produce child pornography. The doll has a video camera lens built into its necklace that can record up to 30 minutes of footage to be downloaded on a computer.

The FBI expressed concern that the toy’s camera could be used to lure children and surreptitiously film child pornography as Barbie and other dolls have been used in the past by sexual predators to attract victims. There have been no recorded incidents of the doll’s being used for criminal activity.

A sheriff’s spokesman told ABC News that the FBI alert will be helpful for drawing attention to investigators collecting evidence at a crime scene.

“When we’re doing a search warrant looking for media that a child pornographer may have used, we’re gonna have to put Barbie on the list just like any other cameras [and] computers,” said Sgt. John Urquhart from the King County Sheriff’s Department in Washington state.

Sources: NPR, Wired

Source: Video Barbie a New Form of Digital Evidence


Posted in DFI News, English-Italian Translations and tagged by with no comments yet.

Japanese couple arrested for robbing Lineage virtual characters

Lineage

Japanese police have arrested two people suspected of stealing virtual characters and goods from players of one of the world’s most popular online games.

29-year-old Yu Nishimura, a company employee of Kawasaki, and Kaori Tanaka, 39, a medical claims processor of Adachi Ward, Tokyo, are alleged to have used spyware to steal usernames and passwords from players of the Lineage II Massively Multiplayer Online Role Playing Game (MMORPG).

According to local media reports, the two are said to have advertised a website that offered Lineage players free tools to boost their online characters’ combat characteristics.

However, in reality, the tool is alleged to have stolen players’ credentials and sent the information back to Nishimura’s PC.

According to the claims brought against Nishimura and Tanaka, they were then able to illegally access the Lineage II game through other people’s user ids, and sell virtual belongings (such as swords and shields) for real money to other players.

In total, the pair are alleged to have made approximately 1 million yen (approximately US$ 12,000) through the scheme between April and June 2010. Over 100 people’s accounts are said to have been compromised.

NC Japan, the maker of “Lineage II – The Chaotic Throne”, which says it has lost about 100 million yen fighting hackers who try to break into players’ accounts, is reportedly planning to sue the two suspects for compensation.

Kanagawa police are treating the case as a violation of illegal access laws, but it’s possible it may be expanded to a more serious charge of business obstruction by fraud because of the financial impact on NC Japan.

Lineage II

This isn’t the first time that crime has taken place in a virtual world, of course. There have been many examples in the past.

For instance, in July 2009 the Australian Chief Executive of a virtual bank in a sci-fi online trading game stole 200 billion “kredits”, which he then used as a deposit on a real-world house, and British police arrested a 23-year-old man in connection with thefts from Runescape characters.

Japanese woman was arrested by police in 2008 after killing her virtual husband’s avatar in the virtual game MapleStory.

And earlier this year, Finnish police reported searched homes and confiscated computer equipment in their search for “virtual furniture” stolen from the virtual world of Habbo Hotel, a chat room and gaming website aimed at teenagers.

Online role-playing games first became popular in Asia, and so it’s no surprise that much of the malware we have seen which steals information from virtual gamers originated in that part of the world. In 2005, for instance, we reported on the arrest of a group of Korean men who made large amounts of money after stealing credentials from players of Lineage.

Some MMORPGs have responded to the growing problem by introducing hardware token devices (also sometimes distributed by real-world banks) to authenticate users are who they say they are. A solution which certainly makes it much trickier for a hacker to break into your online gaming account.

We shouldn’t treat cybercrimes like this any less seriously just because the items being stolen are “virtual”. They’re still have real value and are worth real money (clearly many people are prepared to pay for such stolen goods too).

If convicted, Nishimura and Tanaka could face a sentence of up to three years in prison, and a maximum fine of 500,000 yen (US$ 6,000).

Source: Japanese couple arrested for robbing Lineage virtual characters


Posted in Naked Security, English-Italian Translations and tagged , by with no comments yet.