
Malware, maybe?

Hi.  I have a client who is having Facebook hacking issues and I'm wondering if your product can help him avoid them in the future.  He was originally hacked and spammed the Nike shoe ad that's going around.  He changed his password, but apparently got hacked again.  It seems that whoever hacked him created a different Facebook username than he'd been using (supposedly just a descriptor like facebook.com/mypage) but that can only be changed once.  We tried several times to change his password but either it kept being changed before we could make security changes or something.  By logging in from my local computer, we seemed to finally beat them at getting a stronger password plus device notifications going.  However, this afternoon he was locked out of the account again but it looks to me like this only happened because the hacker tried to log in again from an unauthorized source.  Is it possible that his computer is infected with a keylogger or something?  Or was it just that his passwords were pretty easy?  Or was it that Facebook doesn't do a very good job of security?  His AOL email also got hacked a couple of times, but once we came up with the remote login idea and created a much better password, that seems to be okay.

Either way.... would your software help him from becoming infected in the future, if that's really what happened to him?  Thanks for your time.



This thread was automatically locked due to age.
  • Is your client using a Mac?  There are a few pieces of Mac malware that could gather that data, but those who deploy them likely wouldn't be attempting to take over his Facebook page.  It sounds more likely that his password was weak and his privacy configuration was lacking (the information required to reset his password was made available to the attacker, for example -- or he was logging in with HTTP over a public/hacked WiFi access point).

    Much more likely that he's using WiFi and has a weak WiFi password from what you're describing than that he's got malware on his computer.

    http://nakedsecurity.sophos.com/2010/02/03/choose-strong-password/ might help -- and ensure he doesn't reuse passwords, as that's often how Facebook passwords get cracked.

  • He does have a Mac and uses a Time Capsule/WiFi router that is password protected.  I don't think it was a WiFi hack as the account was accessed from an out of state IP address, according to Facebook.  The thing that made me feel there was malware involved was that the hacker seemed to be able to change the password again on us before we could get the tighter security settings up and running.

    Thoughts?

  • Let's see, OK.

    I know what to do and how to block a port :D Try this:

    1) System Preferences

    2) Security and Privacy tab

    3) Firewall: unlock the page if it's locked, then press Start

    4) Go to Advanced

    5) Block all incoming connections

    All done.

    See how you go, and then if it's happening call the FBI or take the Mac into Apple and let them look at it.

    Also make sure you update the software, as Apple sent a new Java out as over 500,000 Macs got hacked!!!!
