|Date: Friday, 07/31/2009, 2:39 pm | Message #|
Passwords of 40 thousand users from "Vkontakte" posted on the Web
A network of 40 thousand hacked VKontakte accounts with logins and passwords was posted online. Those who have installed new gaming applications on their pages have suffered from the actions of intruders.
Kaspersky Lab reported that a network has been uploaded to the network, which contains email addresses and passwords for more than 40 thousand VKontakte accounts. Initially, experts reported about 130 thousand stolen pages, but after checking this figure was lower.
The information appeared on the phishing site 18.104.22.168, which is blocked by Kaspersky and Nod32 antivirus. In any case, security specialists do not recommend following this link, as the computer may be infected.
Information about stolen accounts was obtained using the malicious program Trojan.Win32.VkHost.an, which Kaspersky Lab experts discovered on July 28.The fraudsters decided to play on the popularity of VKontakte gaming applications: the Trojan was distributed through one of these VKontakte programs, which is now blocked by the administration. The name of this application is not reported
After installing this Trojan in the system, the hosts file was replaced in such a way that when going to the sites vkontakte.ru and odnoklassniki.ru, the user was redirected to 22.214.171.124, where he was asked to log in.
“At the moment, the database of stolen Odnoklassniki passwords on the phishing site is empty, so there is no reason to talk about the compromise of users of this social network,” said Alexander Gostev, head of the Kaspersky Lab global research and threat analysis center.
The registration data went to the databases on the same site, and the user was informed that his account would be blocked because spam was being sent from his IP address. For unblocking, it was suggested to send an SMS to a short number, which cost reached $ 10.
All VKontakte and Odnoklassniki users are advised to check the contents of their hosts files, which are located in the Windows directory at \ system32 \ drivers \ etc.If they contain links to vkontakte.ru and odnoklassniki.ru, these files should be deleted.
It is also necessary to change all passwords from all accounts in social networks. And in case of contact with such phishing pages, in no case should you enter your username and password or send SMS-messages, experts warn.
Kaspersky Lab has published a special program that searches for a user page in a hacker database at an email address entered during registration on a social network. Check your account for hacking here.
If the account is compromised, it is necessary to urgently change the passwords from the resources where the same password was used (ICQ, email, etc.).
Many users managed to download the VKontakte accounts database, which remained freely available until the morning of Friday, July 31. A little earlier, the passwords listed on the site stopped working.
For example, the user of LJ Juliy writes: “I also managed yesterday to download a link from two hours with a database of logins and passwords for VKontakte, which one site carefully collected with the help of a worm that redirected users from vkontakte.ru to this very site.in the afternoon they were still working, they stopped working at night, which, in general, is quite logical - on the site of the owners of VKontakte, I would change the password for all accounts in the list when the information about this database appeared and send it to those who had their password ..al. "