Warning: Facebook 'News' Videos Auto-Install Trojan

reghakr

Essential Member
Joined
Jan 26, 2009
Location
Erie, PA
There's a new malware attack on Facebook and it's significant for multiple reasons. This attack is particular spreads through bogus links, and it appears to change form in line with news events.

While there have been several similar scams in the past, they've usually involved tricking users into handing over personal data or outright hijacking accounts.

Malicious Drive-by Downloads Initiated on Click

The new Facebook attacks tricks users into clicking on a link to a supposed online video.

Once the link has been clicked, a Trojan virus is automatically downloaded to the users' computer without consent (this is known as a drive-by download). Once the virus is installed, it publishes links on the user's own Facebook account in order to redistribute the scam to other contacts.

Security researchers are still trying to figure out exactly how the attack works. They originally thought it was related to Facebook's "like" feature, in which users can promote a post or link by giving it a virtual thumbs up, but now suspect the scammers are simply using the "like" icon to make the bogus links more credible.

Bogus Claims Change During Day

Interestingly, the supposed video that the links claim to post to has changed.

Originally, it purported to be a clip involving alleged activity by Dominique Strauss-Kahn, the former head of the International Monetary Fund. At noon (eastern US time) on Thursday, the infected links were replaced by ones claiming to lead to an intimate video with singer Rihanna and Hayden Panettiere. (Source: Antivirus Software, Anti-Spyware and Internet Security | F-Secure)

That switch, and the fact that it happened precisely on the hour, suggests the scammers may be trying out different subjects to see which ones fool the most users.

Malware, Payload Location-Dependent

It appears that only users in particular countries such as the US and UK are led to the malware, with those from other countries simply redirected to a safe website, such as YouTube.

That's probably because the hackers believe they stand a greater chance of selling bogus security software at high prices to American and British victims, and that their credit card details will prove more lucrative.

The scam also automatically checks to see if the user is running Windows or a Mac and offers up bogus software appropriate to the system. That appears to be capitalizing on fears that Macs have suddenly become more prone to viruses: in fact, they are becoming a target for so-called "scareware" scams that falsely claim a computer is infected. (Source: The Register: Sci/Tech News for the World)

Source: Warning: Facebook 'News' Videos Auto-Install Trojan / Infopackets.com
 
Facebook seems unable to stop scammers from circulating malicious Web links that install fake antivirus software on victims' computers.

The scam was spotted Tuesday by antivirus vendor Sophos. At that time the criminals behind it were luring victims into installing the software by offering links purportedly to a video of disgraced former International Monetary Fund Managing Director Dominique Strauss-Kahn and a hotel maid.

On Wednesday the scam switched and the link was supposed to be an X-rated video of celebrities Rihanna and Hayden Panettiere. In both cases there is no such video. People who click on the link are sent to a website that tries to install the fake antivirus software.

The scam is slightly different, depending on whether the victim is using a Mac or a PC. On the PC, the site tells victims that they need to install the latest version of Adobe Flash Player to watch the video.

But the software they install is actually the fake antivirus program.

On the Mac, there's a pop-up window that looks like a security warning.

When victims click to "fix" the security problems, they end up installing the fake software.

Date: 1 June 2011

Source: http://www.computerworld.com/s/article/9217229
 
Last edited:
Facebook seems unable to stop scammers from circulating malicious Web links that install fake antivirus software on victims’ computers.

The scam was spotted May 31 by antivirus vendor Sophos. At that time the criminals behind it were luring victims into installing the software by offering links purportedly to a video of the disgraced former International Monetary Fund Managing Director and a hotel maid.

The scam switched June 1 and the link was supposed to be an X-rated video of two female celebrities. In both cases there is no such video.

People who click on the link are sent to a Web site that tries to install the fake antivirus software.

The scam is slightly different, depending on whether the victim is using a Mac or a PC.

On the PC, the site tells victims that they need to install the latest version of Adobe Flash Player to watch the video.

But the software they install is actually the fake antivirus program. On the Mac, there is a pop-up window that looks like a security warning. When victims click to ?fix? the security problems, they end up installing the fake software.

The same type of software, MacGuard or MacDefender, has recently been plaguing Mac users.

Source:
Facebook video scam puts malware on Mac and Windows - Computerworld
 
Back
Top Bottom