Bio: Robert Lipovsky is a malware researcher in ESET’s Security Research Laboratory in Bratislava, working for ESET since 2007. He is responsible for malware intelligence and research, in which he focuses on rootkit techniques, Android malware, and other areas. He has given presentations at several security conferences, including EICAR, CARO, and Virus Bulletin. He holds a Master’s Degree in Computer Science from the Slovak University of Technology in Bratislava. When not bound to a keyboard, he enjoys sports and playing guitar.
The “Facebook PokerAgent”
In March 2012 we were tracking a botnet that the perpetrator used to harvest Facebook log-on credentials. In addition to expanding the database of stolen Facebook user names and passwords, the bots were instructed to ascertain the number of credit cards linked to the victims' Facebook accounts and their Zynga Poker player stats. The threat was mostly active in Israel.
With Facebook being such a hot topic, these characteristics alone would make this an interesting phishing threat, but the matter became more serious when our botnet monitoring revealed that the bot master had managed to acquire over 16000 Facebook credentials through his operation.
The presentation begins with an overview of the threat and the technical details of the trojan horse used. Afterwards, we will describe the process of monitoring the botnet and present the highlights of the investigation that followed.