New Zeus variant creates bogus Instagram accounts
Posted on 19.08.2013
If you are familiar with the results of a recently finished study regarding online content popularity that concluded that "likes" beget "likes", the fact that people are willing to pay good money for fake Twitter, Instagram and Facebook followers as well as "likes" and "retweets" will not come as a surprise.

The market for these "goods" is, in fact, strong enough to make the price asked on underground cybercrime forums for 1,000 fake Instagram followers or likes is considerably higher that that for 1,000 credit card numbers.

It's no wonder, then, that cyber crooks wielding the infamous Zeus information.stealing Trojan have recently been found using a new variant that not only searches for and records passwords, but also uses the zombified machine to check for available Instagram usernames.

According to RSA researchers, this new variant is able to download additional downloader malware onto the target's computer. After that, it performs search engine queries, likely in a effort to promote pages hosting additional malware to the top of search engine results.

Next, the malware checks for the availability of Instagram usernames by sending POST commands to the Instagram service via its mobile API.

"For servers and virtual machines running Windows operating systems, Instagram API calls are pushed into Instagram by spoofing User-Agent strings in an attempt to disguise the traffic as a Smartphone running an Android operating system," the researchers explain. "Spoofing is an important step, because Instagram doesn’t permit username availability searches from a Desktop PC."

The variant uses common dictionary words, combines them with some random characters and uses those concoctions as names for the fake accounts. And while its doing that, it also automatically “likes” photos on other Instagram accounts.

"Search engine optimization abuse and Instagram account abuse could just be the beginning," they say, adding that Zbot variants are surely going to also continue using their usual bag of tricks.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th