I regularly see a lot of extremely dubious and rather slimy techniques deployed to get end-users to run horrible things or fall for scams. Generally, the targets tend to be the technologically inept or granny, sitting in the corner. See granny? Sure you do, she's right over there replying to the Third King of Nigeria and helping him out with his cash relocation problem.
However, I've come across a scam rapidly spreading across numerous underground forums and IRC channels that is truly one of the scummiest tactics I've seen in some time.
How bad? Allow the following screenshot to spell it out for you.
Ladies and Gentlemen, allow me to present you with the winner of the Lowest Tactic Used in 2009 award. Do your kids play Neopets? If they do, you might want to read this and gently warn them of the dangers.
Neopets: What is it?
Neopets, originally uploaded by Paperghost.
Neopets (originally NeoPets) is a virtual pet website, based around the virtual pets that inhabit the virtual world of Neopia. Visitors can create an account and take care of up to four virtual pets, buying them food, toys, clothes, and other accessories using a virtual currency called Neopoints. Neopoints can be earned through playing games, investing in the game's stock market, trading, and winning contests such as customization and art. Neopets also operates a pay-to-play version known as Neopets Premium, which offers additional features and benefits for a monthly fee of $7.99 (USD).
The scam is based around one of the core mechanics of Neopets: kids love rare items and things that nobody else has. Neopets has magical paintbrushes - stay with me on this - and they're rather hard to get hold of nowadays. As an example of that, here's a petition posted in 2004(!) that people are still posting comments to. In addition, here's a list of current prices - now consider a newcomer to Neopets starts with the rather paltry sum of 1000 Neopoints, and you can see why there's a desire for these items.
This is where we target some 12 year olds with social engineering. Oh dear...
The Method
Neopets is effectively social networking for younger kids and some teenagers. Or, as someone on a hacking forum put it while discussing this particular attack,
...ouch. No surprise, then, that the site has many communal areas where people can chat, hang out, send each other messages and see what's going on. Our hackers will move to the trading areas, where kids can post requests for items they'd like to buy, sell or trade. Then it's just a case of hunting out posts like this....
"Stupid 12 year olds" are apparently in for a smackdown.
The above individual is clearly excited by this.
...well, if you're going to intentionally target young kids you might as well go the whole hog and dump them into a Botnet too. The messages aren't just being posted and sent by private message on the Neopets site - they're also turning up on third party websites too.
Click to Enlarge
Interestingly, sites such as Neopets are accessed in corporate environments too - FaceTime collects live traffic data from commercially deployed Unified Security Gateway appliances at more than 80 mid to large enterprises worldwide that have opted into this program, representing the daily Web-based activities of more than 100,000 corporate workers.
During the past week, these corporate workers have accessed 99 different virtual worlds from their work computers, and at least half of those are targeted at children. Perhaps the kids are asking their parents to check on their Neopets at work or see if the latest friend request on Myspace has been approved?
At any rate, let's hope they're wary of too-good-to-be-true paintbrush deals. Whether at home or in the workplace, "offers" such as the ones above should be avoided and anyone sending your child messages about paintbrush creators should report them here (you'll need to be logged in to access that URL).
I never thought I'd have to advise young children to stay frosty, but there you go...
However, I've come across a scam rapidly spreading across numerous underground forums and IRC channels that is truly one of the scummiest tactics I've seen in some time.
How bad? Allow the following screenshot to spell it out for you.
Ladies and Gentlemen, allow me to present you with the winner of the Lowest Tactic Used in 2009 award. Do your kids play Neopets? If they do, you might want to read this and gently warn them of the dangers.
Neopets: What is it?
Neopets, originally uploaded by Paperghost.From Wikipedia:
Neopets (originally NeoPets) is a virtual pet website, based around the virtual pets that inhabit the virtual world of Neopia. Visitors can create an account and take care of up to four virtual pets, buying them food, toys, clothes, and other accessories using a virtual currency called Neopoints. Neopoints can be earned through playing games, investing in the game's stock market, trading, and winning contests such as customization and art. Neopets also operates a pay-to-play version known as Neopets Premium, which offers additional features and benefits for a monthly fee of $7.99 (USD).
The scam is based around one of the core mechanics of Neopets: kids love rare items and things that nobody else has. Neopets has magical paintbrushes - stay with me on this - and they're rather hard to get hold of nowadays. As an example of that, here's a petition posted in 2004(!) that people are still posting comments to. In addition, here's a list of current prices - now consider a newcomer to Neopets starts with the rather paltry sum of 1000 Neopoints, and you can see why there's a desire for these items.
This is where we target some 12 year olds with social engineering. Oh dear...
The Method
Neopets is effectively social networking for younger kids and some teenagers. Or, as someone on a hacking forum put it while discussing this particular attack,
...ouch. No surprise, then, that the site has many communal areas where people can chat, hang out, send each other messages and see what's going on. Our hackers will move to the trading areas, where kids can post requests for items they'd like to buy, sell or trade. Then it's just a case of hunting out posts like this....
...and that child is, officially, doomed. Asking for paintbrushes on the trading areas of Neopets will mean that they're likely to be the recipient of a Neomail (private messaging on the Neopets website) that looks like this:
Neopets Scam, originally uploaded by Paperghost.
From there, it's just a case of said child visiting the external link, downloading a file and being keylogged into infinity and beyond. Then the fun really begins.
Neopets Scam, originally uploaded by Paperghost.
From there, it's just a case of said child visiting the external link, downloading a file and being keylogged into infinity and beyond. Then the fun really begins.
Wave goodbye to your rare items, kids - and you didn't want your XBox Live account (that potentially has credit card details attached to it) anymore either, did you? The attackers then use the familiar tactic of taking a previously trusted source and using it to attack their friends & other newcomers to the site. Alongside hanging out in the handily labeled "Newbies" section and spamming messages, they'll also post fake "It worked" messages from compromised accounts to the forums of threads started by the attacker, much like people do on Youtube to give the impression that fake programs actually work (scroll down to "positive comments").
Additionally, the PC is quite possibly used by other people, or indeed belongs to someone else altogether....
...which would be, as you can imagine, a "bad thing".
Shall we see some of the reaction to this attack method from the peanut gallery?
Additionally, the PC is quite possibly used by other people, or indeed belongs to someone else altogether....
...which would be, as you can imagine, a "bad thing".
Shall we see some of the reaction to this attack method from the peanut gallery?
"Stupid 12 year olds" are apparently in for a smackdown.
The above individual is clearly excited by this.
...well, if you're going to intentionally target young kids you might as well go the whole hog and dump them into a Botnet too. The messages aren't just being posted and sent by private message on the Neopets site - they're also turning up on third party websites too.
Click to Enlarge
Interestingly, sites such as Neopets are accessed in corporate environments too - FaceTime collects live traffic data from commercially deployed Unified Security Gateway appliances at more than 80 mid to large enterprises worldwide that have opted into this program, representing the daily Web-based activities of more than 100,000 corporate workers.
During the past week, these corporate workers have accessed 99 different virtual worlds from their work computers, and at least half of those are targeted at children. Perhaps the kids are asking their parents to check on their Neopets at work or see if the latest friend request on Myspace has been approved?
At any rate, let's hope they're wary of too-good-to-be-true paintbrush deals. Whether at home or in the workplace, "offers" such as the ones above should be avoided and anyone sending your child messages about paintbrush creators should report them here (you'll need to be logged in to access that URL).
I never thought I'd have to advise young children to stay frosty, but there you go...
Recent Comments