Wednesday, April 4, 2012

Facebook Users Targeted by Latest Ice IX Trojan Variant

“In order to provide you with extra security, we occasionally need to ask for additional information. We need to verify your identity with a credit or debit card.”

That is the sales pitch thrown at unsuspecting users when they attempt to log in to their Facebook account from a computer infected with the latest version of Ice IX, Trusteer reports.

Below the verbiage is an assortment of input fields, injected into the page by the malware in hopes of stealing sensitive financial information like the cardholder name, credit card number, expiration date, CID and the billing address.

Billing Page Injected into Facebook Login Process


Once the user provides that information, it will be sent directly to the attacker so they can use it to run up fraudulent charges or possibly sell it to the highest bidder.

Trusteer researchers even found a “marketing” video used by the Ice IX authors that demonstrates how the web injection attack is carried out:

  1. The user goes to www.facebook.com and logs into an account.

  2. A dialog window pops up displaying the message explained above, although the video version takes it a bit further by asking for a social security number and date of birth in addition to the credit card details.

  3. The information supplied by the user is shown to be delivered via instant message to the attacker.


It is important to remember that Facebook will never ask for your credit card number, social security number or any other sensitive information aside from your Facebook username and password while logging in. So if you see a page asking for private information upon login, there’s a good chance your PC has been infected with some type of malware.

Additionally, Facebook informed Trusteer that they actively detect known malware on users’ devices to provide them with a fix. You can run through the checkpoint by visiting on.fb.me/AVCheckpoint (note: you must be logged out of your account).

Screenshot Credits: Trusteer
