New Zeus variant creates bogus Instagram accounts
Posted on 19.08.2013
If you are familiar with the results of a recently finished study regarding online content popularity that concluded that "likes" beget "likes", the fact that people are willing to pay good money for fake Twitter, Instagram and Facebook followers as well as "likes" and "retweets" will not come as a surprise.


The market for these "goods" is, in fact, strong enough that the price asked on underground cybercrime forums for 1,000 fake Instagram followers or likes is considerably higher than that for 1,000 credit card numbers.

It's no wonder, then, that cyber crooks wielding the infamous Zeus information-stealing Trojan have recently been found using a new variant that not only searches for and records passwords, but also uses the zombified machine to check for available Instagram usernames.

According to RSA researchers, this new variant is able to download additional downloader malware onto the target's computer. After that, it performs search engine queries, likely in an effort to promote pages hosting additional malware to the top of search engine results.

Next, the malware checks for the availability of Instagram usernames by sending POST commands to the Instagram service via its mobile API.

"For servers and virtual machines running Windows operating systems, Instagram API calls are pushed into Instagram by spoofing User-Agent strings in an attempt to disguise the traffic as a Smartphone running an Android operating system," the researchers explain. "Spoofing is an important step, because Instagram doesn’t permit username availability searches from a Desktop PC."

The variant uses common dictionary words, combines them with some random characters and uses those concoctions as names for the fake accounts. And while it's doing that, it also automatically “likes” photos on other Instagram accounts.

"Search engine optimization abuse and Instagram account abuse could just be the beginning," they say, adding that Zbot variants are surely going to also continue using their usual bag of tricks.
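The User-Agent spoofing the researchers describe leaves a mismatch defenders can look for: a machine inventoried as Windows sending Instagram POST requests while claiming to be Android. The sketch below is an added example, not code from RSA or from the original article; the log format, inventory, host names, User-Agent strings, placeholder paths and threshold are all constructed assumptions.

```python
from collections import Counter

# Constructed asset inventory (assumption): source host -> operating system.
INVENTORY = {"srv-web01": "windows", "vm-build07": "windows", "byod-phone3": "android"}

# Constructed User-Agent strings; only the claimed platform matters here.
ANDROID_UA = "ExampleApp 1.0 Android (constructed sample)"
WINDOWS_UA = "ExampleBrowser 1.0 (Windows NT 6.1; constructed sample)"

# Constructed proxy log, tab-separated: time, source, method, host, path, user-agent.
# Paths are placeholders, not real Instagram endpoints.
SAMPLE_LOG = "\n".join("\t".join(f) for f in [
    ("2013-08-19T10:00:01", "srv-web01", "POST", "instagram.com", "/PLACEHOLDER", ANDROID_UA),
    ("2013-08-19T10:00:02", "srv-web01", "POST", "sub.instagram.com", "/PLACEHOLDER", ANDROID_UA),
    ("2013-08-19T10:00:03", "srv-web01", "POST", "INSTAGRAM.COM.", "/PLACEHOLDER", ANDROID_UA),
    ("2013-08-19T10:00:04", "srv-web01", "GET", "example.org", "/", WINDOWS_UA),
    ("2013-08-19T10:00:05", "vm-build07", "POST", "instagram.com", "/PLACEHOLDER", ANDROID_UA),
    ("2013-08-19T10:00:06", "vm-build07", "POST", "notinstagram.com", "/PLACEHOLDER", ANDROID_UA),
    ("2013-08-19T10:00:07", "byod-phone3", "POST", "instagram.com", "/PLACEHOLDER", ANDROID_UA),
    ("2013-08-19T10:00:08", "byod-phone3", "POST", "instagram.com", "/PLACEHOLDER", ANDROID_UA),
    ("malformed line without enough fields",),
])

def is_instagram(host):
    """Match instagram.com and its subdomains, not look-alike suffixes."""
    host = host.lower().rstrip(".")
    return host == "instagram.com" or host.endswith(".instagram.com")

def find_ua_os_mismatch(log_text, inventory, min_hits=2):
    """Return {source: count} for Windows assets POSTing to Instagram as 'Android'."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6:
            continue  # skip malformed records instead of failing the whole run
        _, src, method, host, _, ua = fields
        if method.upper() != "POST" or not is_instagram(host):
            continue
        if inventory.get(src) == "windows" and "android" in ua.lower():
            hits[src] += 1
    return {src: n for src, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    print(find_ua_os_mismatch(SAMPLE_LOG, INVENTORY))
```

The check depends on an accurate inventory and on a proxy that sees the request headers; hosts missing from the inventory are never flagged, so inventory gaps should be reviewed separately.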








