BELMONT, Calif. -- Researchers at FaceTime Security Labs have discovered and reported a hacking Web site offering automatically generated text for use in creating phishing emails to steal login details for popular Web mail and social networking sites. A drop-down menu on the site offered phishing email options for Hotmail, Yahoo, MySpace, Orkut, Facebook and hi5. FaceTime researchers immediately reported the finding to the site's hosting provider, who disabled access to the site - www.hothackerclub.com - on Friday, Jan. 25.
To use this "DIY phishing service," the hacker needed only to decide which of the victim's email or social networking services they wanted to target. Selecting the service they wanted to phish and the kind of e-card message the victim would be sent was as easy as using a drop-down menu. Once the victim clicked a phish link they would be taken to a different site hosting the phish pages. When the victim entered their login name and password, that data would be sent back to the main hothackerclub.com website. The hacker could then watch their login space fill up with stolen account details.
The FaceTime research team offers a detailed accounting of the hacking scheme at http://blog.spywareguide.com.
Increasing IT Concerns over Social Networking
Social networking is fast becoming a top security concern for enterprise IT managers, and with good reason, as employees continue to believe they have the right to use their company's network for personal Web surfing, instant messaging, and accessing social networks. According to the survey "Greynets in the Enterprise: Third Annual Survey of Trends, Attitudes and Impacts," commissioned by FaceTime and conducted by NewDiligence Research, approximately eight in ten employees will surf, shop and chat over the company network, testimony to the continued blurring of personal and professional workspaces. Corporate employees can be commonly found "looking at interesting sites" on the Web, according to the survey, including social networking sites like Facebook and MySpace as well as banking, shopping, chatting and downloading music, photos and video.
FaceTime's www.GreynetsGuide.com Web site catalogs and classifies the security risks of a growing number of greynets of concern to enterprise IT managers in categories including instant messaging, peer-to-peer file sharing, gaming software, IPTV, remote administration, multimedia, VoIP, anonymizers, social networking sites and other Web 2.0-enabled applications.
"The Internet has become a platform for new applications and collaboration. The consumerization of the employee desktop is rapidly causing IT managers to look at the security, productivity and compliance implications of instant messaging, Web 2.0 and social networking applications," said Frank Cabri, vice president of marketing and product management for FaceTime Communications. "Organizations that learn how to enable and innovate around the usage of these real-time applications can gain a real business advantage. At the same time, these organizations are faced with managing inbound malware, data leakage and compliance risks over an increasingly heterogeneous environment of both corporate-sanctioned unified communications platforms and consumer-oriented applications."