reghakr
Essential Member
- Joined
- Jan 26, 2009
- Messages
- 14,186
- Thread Author
- #1
There's a new malware attack on Facebook and it's significant for multiple reasons. This attack in particular spreads through bogus links, and it appears to change form in line with news events.
While there have been several similar scams in the past, they've usually involved tricking users into handing over personal data or outright hijacking accounts.
Malicious Drive-by Downloads Initiated on Click
The new Facebook attack tricks users into clicking on a link to a supposed online video.
Once the link has been clicked, a Trojan virus is automatically downloaded to the user's computer without consent (this is known as a drive-by download). Once the virus is installed, it publishes links on the user's own Facebook account in order to redistribute the scam to other contacts.
Security researchers are still trying to figure out exactly how the attack works. They originally thought it was related to Facebook's "like" feature, in which users can promote a post or link by giving it a virtual thumbs up, but now suspect the scammers are simply using the "like" icon to make the bogus links more credible.
Bogus Claims Change During Day
Interestingly, the supposed video that the links claim to post to has changed.
Originally, it purported to be a clip involving alleged activity by Dominique Strauss-Kahn, the former head of the International Monetary Fund. At noon (eastern US time) on Thursday, the infected links were replaced by ones claiming to lead to an intimate video with singer Rihanna and Hayden Panettiere. (Source: Antivirus Software, Anti-Spyware and Internet Security | F-Secure)
That switch, and the fact that it happened precisely on the hour, suggests the scammers may be trying out different subjects to see which ones fool the most users.
Malware, Payload Location-Dependent
It appears that only users in particular countries such as the US and UK are led to the malware, with those from other countries simply redirected to a safe website, such as YouTube.
That's probably because the hackers believe they stand a greater chance of selling bogus security software at high prices to American and British victims, and that their credit card details will prove more lucrative.
The scam also automatically checks to see if the user is running Windows or a Mac and offers up bogus software appropriate to the system. That appears to be capitalizing on fears that Macs have suddenly become more prone to viruses: in fact, they are becoming a target for so-called "scareware" scams that falsely claim a computer is infected. (Source: The Register: Sci/Tech News for the World)
Source: Warning: Facebook 'News' Videos Auto-Install Trojan / Infopackets.com
reghakr
- #2
Facebook seems unable to stop scammers from circulating malicious Web links that install fake antivirus software on victims' computers.
The scam was spotted Tuesday by antivirus vendor Sophos. At that time the criminals behind it were luring victims into installing the software by offering links purportedly to a video of disgraced former International Monetary Fund Managing Director Dominique Strauss-Kahn and a hotel maid.
On Wednesday the scam switched and the link was supposed to be an X-rated video of celebrities Rihanna and Hayden Panettiere. In both cases there is no such video. People who click on the link are sent to a website that tries to install the fake antivirus software.
The scam is slightly different, depending on whether the victim is using a Mac or a PC. On the PC, the site tells victims that they need to install the latest version of Adobe Flash Player to watch the video.
But the software they install is actually the fake antivirus program.
On the Mac, there's a pop-up window that looks like a security warning.
When victims click to "fix" the security problems, they end up installing the fake software.
Date: 1 June 2011
Source: Link Removed
reghakr
- #3
Facebook seems unable to stop scammers from circulating malicious Web links that install fake antivirus software on victims’ computers.
The scam was spotted May 31 by antivirus vendor Sophos. At that time the criminals behind it were luring victims into installing the software by offering links purportedly to a video of the disgraced former International Monetary Fund Managing Director and a hotel maid.
The scam switched June 1 and the link was supposed to be an X-rated video of two female celebrities. In both cases there is no such video.
People who click on the link are sent to a Web site that tries to install the fake antivirus software.
The scam is slightly different, depending on whether the victim is using a Mac or a PC.
On the PC, the site tells victims that they need to install the latest version of Adobe Flash Player to watch the video.
But the software they install is actually the fake antivirus program. On the Mac, there is a pop-up window that looks like a security warning. When victims click to "fix" the security problems, they end up installing the fake software.
The same type of software, MacGuard or MacDefender, has recently been plaguing Mac users.
Source:
Link Removed