Firefox 16 vulnerability allows spammers to steal Facebook access tokens

Recently a researcher discovered a vulnerability in the latest version of Firefox ,v16.0, that allows attacker to gather detailed information about user browser history. Previous versions and later version are not affected.

Although it was initially believed that the vulnerability allow access to browser history, Mozilla representatives told Ars Technica that "the flaw allowed access to the URL of windows or frames to which the attacker has a reference only—generally the ones that the attacker opened."

Now, researcher published a proof-of-concept that demonstrate how an attacker collect your twitter account name when you click a button. The attacker opens a new window and load a specially crafted Twitter url that contains a personal Twitter ID. If a user signed in already, then hackers able to collect your twitter name.

When i read the story, I started to think in the Spammers' point of view. Recently, i report a Facebook scam that ask user to verify their account by pasting their access token in the hacker's site.

I have just modified the poc with the spammer's code to display the authentication token of facebook, Successfully it worked for me.

Yes, it is very easy for a hacker to steal the authentication token. Just one click is enough for hacker to gain your authentication token without much effort.

The Top 5 Subjects(Tricks) used by Malicious Spammers

According to the research of websense,, these are the top 5 Subjects used by Malicious Spammers. If you an email with the following subject or similar tricks, Don't click the links or download the Attachment, if you do, you will end up in malware attack.

1.ORDERS

Order N21560 (numbers vary)

This link redirects to .ru/main.php or .com/main.php URL, which serves the Blackhole exploit kit. These emails are targeting users who just purchased an Adobe CS4 license, which is weird, because version 5.5 is already out. The spammers obviously have not done their research and are behind the times.

2.TICKETS

FW: Re: UNIFORM TRAFFIC TICKET (ID: 239127922) (numbers vary and subject might appear without FW: or RE:)
Fwd: Your Flight Order N125-9487755 (numbers vary)

Users are lured to click on a "CLICK HERE" link, which redirects to another URL serving the Blackhole exploit kit. I guess these types of emails are targeting specific people: a) who have driven a vehicle in New York and b) who have been cited for a speeding violation recently, and of course c) those who are curious, otherwise why would they click on this link?

3. DELIVERY COMPANIES:

USPS Invoice copy ID46298 (numbers vary)
FedEx: New Agent File Form, trackid: 1V6ZFZ7FEOHUQ (numbers vary)
DHL Express Notification for shipment 90176712199 (numbers vary)

Fake emails pretending to be invoices or tracking emails have been around for several years and usually would have an attachment, such as a Trojan like Zeus or SpyEye. Websense Security Labs™ has written several blogs before about similar cases. I just want to point out that such emails are still being sent in bulk and are still being used as a vector to infect end users' computers. The reason why these kinds of emails are still so popular is because the attachments are being repacked for every new campaign; therefore, antivirus products struggle to release new signatures for those and are unable to block them, like in this case. The campaign is known, but VT shows only 8/42 results for an attachment.

4. test

This email suggests that the attachment is a patch for WoW (World of Warcraft). Unfortunately, for the criminals, the archive is corrupt and therefore harmless to the recipients. Emails with "test" in the Subject line are commonly used by criminals to spread their malicious software. Users are used to seeing legitimate emails with "test" in the Subject line when an email system is being checked, and also spammers use such techniques to validate an email address.

5. Payment/TAX systems:

FRAUD ALERT for ACH
Your Wire Transfer
Wire transfer rejected
IRS requires new EIN
IRS Tax report

Daily read our Spam News from eHackingNews .

How you are getting large number of spam mail ? Know why

Are you getting lot of spam mails to your inbox?  Do you know why it comes to your mail? The mistake is yours only.  Because of you only you are getting larger number of spam.  How you responsible for that? Go ahead to know what is your mistake.

Spam Mail Definition:
Also known as junk mail.  Sending large number of identical message to numerous recipients .   Advertisers ,merchants sends large number of mail to recipients for advertising purpose using softwares and some websites.