Another Trojan Trick

Facebook users are suffering from another Trojan trick. The Carberp Trojan new configuration make Facebook users to be in the act of doing financial fraud.

Earlier, user credentials were stolen from the log-in page via attacks. This version went far attempting to steal money. It makes the user disclose the information about his/her e-cash voucher.

When users navigate any of their Facebook pages, Carberp replaces it with a fake one. The victim is notified that his/her account is locked. Besides first and last name, date of birth, email and password, the page asks user for a Ukash 20 euro voucher number. This seems to confirm verification of user identity and unlock  his/her account.

The user is assured that the cash voucher will be undoubtedly added to the balance of the user's Facebook account. The trick is obvious, isn't it? The Carberp bot master then gets the voucher number using it as a cash equivalent. The user is hippoed and looses his money. This new Carberp attack provides frauds with the ability to sell or use the e-cash vouchers anywhere and immediately .

When attacking social networks, cybercriminals get a large number of victims. These are trustful and can be easily tricked into giving up their money and divulging the confidential information.

The adaption of e-cash on the Internet is now growing fast. Users should be aware and expect more of these attacks. Be suspicious of irregular requests even if you think they originate from the trusted web sites. You can also use browser-based security tools. They control and secure communication between your PC and target websites. Tools also prevent keylogging from drabbing data.

GetAV.org