Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Facebook - PokerAgent botnet has compromised over 16,000 accounts

It is important to always be careful when installing any free application on Facebook, on mobile phones, etc. 

http://www.welivesecurity.com/2013/01/29/pokeragent-botnet-stealing-over-16000-facebook-credentials/

QUOTE:  The ‘PokerAgent’ botnet, which we have tracked in 2012, was designed to harvest Facebook log-on credentials, also collecting information on credit card details linked to the Facebook account and Zynga Poker player stats, presumably with the intention to mug the victims. The threat was mostly active in Israel. 800 computers were infected, over 16194 Facebook credentials stolen.  ESET Security Research Lab has discovered an attention-grabbing Trojan horse about a year ago. The signs which indicated that it would be something interesting were references to Facebook, its Zynga Poker App (seen from the text strings in the binary), the executable name “PokerAgent” and botnet features – the Trojan would request tasks from a C&C server.  ESET has been detecting the different variants of the Trojan generically as MSIL/Agent.NKY. After the initial discovery, we were able to find other versions of the Trojan, both older and newer, and acquire detection statistics which have revealed that the Trojan was most active in the country of Israel.