

Backtracking a Facebook hacker - gnurag
https://arcolife.wordpress.com/2013/06/21/a-little-probe-into-a-facebook-spam-add-plugin-to-update-your-browser/

======
arcolife
ORIGIN: The FB spam link redirects to the website which hosts the spyware.

The link says it's a browser update & an add-on, and gives instructions on how
to install it. If successful, then it modifies the browser and uses cookies to
gain access into FB accounts & starts spamming & tagging friends. This is
nothing but a digital ads money making formula. But I was curious & furious,
so I decided to chase the details.

The update button actually points to spyware.

I started digging deep. I downloaded the spyware & read the code, looked for
dependencies and usernames, parsed a few more links and found his profile.
That, and I also found a link containing a lot of sensitive bank user details
(which he had hacked earlier and put into a doc). I also found links to
currently hacked websites.

I wish to discuss my findings, since this is my first probe of this kind (and
the fact that I found some things has got me excited!). Please visit the
blog (linked to the news header line) and look for further details on my blog.

