WARNING – Facebook Dislike button spreads fast, but is a fake – watch out!

Don’t be too quick to click on links claiming to “Enable Dislike Button” on Facebook, as a fast-spreading scam has caused problems for social networking users this weekend.

Messages claiming to offer the opposite to a like button have been appearing on many Facebook users’ walls:

Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!

Like the “Preventing Spam / Verify my account” scam which went before it, the scammers have managed to waltz past Facebook’s security to replace the standard “Share” option with a link labelled “Enable Dislike Button”.

The fact that the “Enable Dislike Button” link does not appear in the main part of the message, but lower down alongside “Link” and “Comment”, is likely to fool some users into believing that it is genuine.

Clicking on the link, however, will not only forward the fake message about the so-called “Fakebook Dislike button” to all of your online friends by posting it to your profile, but also run obfuscated Javascript on your computer.

The potential for malice should be obvious.

As we’ve explained before, there is no official dislike button provided by Facebook and there isn’t ever likely to be. But it remains something that many Facebook users would like, and so scammers have often used the offer of a “Dislike button” as bait for the unwary.

Here’s another example that is spreading, attempting to trick you into pasting JavaScript into your browser’s address bar, before leading you to a survey scam:

If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.

By Graham Cluley @ nakedsecurity.sophos.com

WARNING: Dad catches daughters on webcam – spreading fast on Facebook

Facebook is being hit by another viral message, spreading between users’ walls disguised as a link to a saucy video.

The messages, which are spreading rapidly, use a variety of different links but all claim to be a movie of a dad catching his daughters making a video on their webcam:

[VIDEO] DAD CATCHES DAUGHTERS ON WEBCAM [OMGGGG].AVI
[LINK]
two naughty girls get caught in the WORST moment while making a vid on their webcam! omg!!

The messages also tag some of the victims’ Facebook friends, presumably in an attempt to spread the links more quickly across the social network.

If you make the mistake of clicking on the link you are taken to a webpage which shows a video thumbnail of two scantily clad young women on a bed. The page urges you to play the video, however doing so will post the Facebook message on your own wall as a “Like” and pass it to your friends.

Unfortunately, the new security improvements announced by Facebook this week fail to give any protection or warning about the attack.

When I tested the scam I was presented with a (fake) message telling me that my Adobe Flash plugin had crashed and I needed to download a codec.

Users should remember that they should only ever download updates to Adobe Flash from Adobe’s own website – not from anywhere else on the internet as you could be tricked into installing malware.

Ultimately, you may find your browser has been redirected to a webpage promoting a tool for changing your Facebook layout, called Profile Stylez and – on Windows at least – may find you have been prompted to install a program called FreeCodec.exe which really installs the Profile Stylez browser extension.

It’s certainly disappointing to see Facebook’s new security features fail at the first major outbreak – clearly there’s much more work which needs to be done to prevent these sorts of messages spreading rapidly across the social network, tricking users into clicking on links which could be designed to cause harm.

If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.

By Graham Cluley @ nakedsecurity.sophos.com

Verify My Account Spam Runs Rampant On Facebook

Before Investing in an Anti-spam Filter Know What to Look For

With a high percentage of emails directed at your inbox being spam, a good anti-spam filter is an absolutely vital piece of your email infrastructure. Knowing what to look for can help make the difference between a well-tuned email system, and a crawling mess of spam messages using up storage space and wasting users’ time. Before you go out and install the first anti-spam filter you find, here are some of the key things to consider.

Cloud-based or on-premise

There are hosted anti-spam filtering solutions that offer greater economies of scale, making them more affordable than in-house solutions. These can combine anti-spam with anti-malware, and filter out spam and other nasty stuff before it uses up your bandwidth or impacts your server’s storage and performance. The only downsides are that they represent a subscription service with monthly costs, and as an outsourced solution, some admins miss having the on-site control.

On-premise solutions are purchased (though they may have monthly or annual subscription costs for updates) so they can be capitalized, and by being in-house, the admins can have total control whenever they want.

Choose the solution that works best with your administrative style and costing strategy. If you choose an on-premise solution, make sure you select one that is server based, not client based. The administrative overhead of managing a server at your edge is much lower than trying to administer an agent installed on every client, and the licensing costs will likely be far less as well. Centralizing the anti-spam filter will make it easier to maintain, and will prevent spam messages from taking up space on users inboxes, and on your mailbox servers.

Spam detection methods

There are a variety of ways to detect and block spam. No single way is fully effective; you need a product that combines methods for a defense-in-depth approach. Bayesian filtering is a very effective way to detect spam, but it must be ‘trained’ to your environment. Whitelists need to be in place to minimize false positives that could block critical business communications. Keyword lists should also be an option for companies whose business might include words that others would consider spam. Other approaches include SMTP header analysis, blacklists, using SPF records to reduce spoofing, and reputation services. By combining the analysis of these multiple methods you ensure the maximum effectiveness of your anti-spam filter, while minimizing false positives.

User self-service

Whitelisting business partners and customers, and checking the quarantine folder for blocked messages, can both become major tasks for the helpdesk. Look for anti-spam filter solutions that offer user self-service, both for adding senders to the whitelist, and for enabling users to release quarantined messages themselves, or by delivering spam to the user’s junk mail folder.

Reporting

Today’s management is all about the metrics. Look for an anti-spam filter that includes robust reporting and that includes the ability to use this information in dashboards or for computing SLAs. Spam is one of those problems that no one notices as long as your anti-spam filter is doing a good job, but that becomes a major issue if a spam message slips through.

Remember, whether cloud-based or on-premise, a good anti-spam filter offers you defense in depth, economical licensing, reduces the administrative overhead, and supports users for routine tasks.

This guest post was provided by Ed Fisher on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI email archiving.

All product and company names herein may be trademarks of their respective owners.

PlayStation Network hacked: Personal data of up to 70 million people stolen

Users of Sony’s PlayStation Network are at risk of identity theft after hackers broke into the system, and accessed the personal information of videogame players.

The implications of the hack, which resulted in the service being offline since last week, are only now becoming clear as Sony has confirmed that the hackers, who broke into the system between April 17th and April 19th, were able to access the personal data of online gamers.

In a blog post, Sony warns that hackers have been able to access a variety of personal information belonging to users including:

* Name
* Address (city, state, zip code)
* Country
* Email address
* Date of birth
* PlayStation Network/Qriocity password and login
* Handle/PSN online ID

In addition, Sony warns that profile information – such as your history of past purchases and billing address, as well as the “secret answers” you may have given Sony for password security may also have been obtained.

As if that wasn’t bad enough, Sony admits that it cannot rule out the possibility that credit card information may also have been compromised:

While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

The fact that credit card details, used on the network to buy games, movies and music, may also have been stolen is obviously very worrying, and affected users would be wise to keep a keen eye on their credit card statements for unexpected transactions. Questions clearly have to be asked as to whether Sony was ignorant of PCI data security standards and storing this and other personal data in an unencrypted format.

So how could hackers exploit the information stolen from the Sony PlayStation Network?

1. Break into your other online accounts. We know that many people use the same password on multiple websites. So if your password was stolen from the Sony PlayStation Network, it could then be used to unlock many other online accounts – and potentially cause a bigger problem for you.

So you should always use unique passwords.

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Oh, and you better be sure that you have changed your “secret answers” too.

2. Email you phishing scams or malware attacks. If they stole your email address from Sony, they can now email you. And it wouldn’t be difficult for the cybercriminals to create an email which pretended to be a legitimate organisation (perhaps Sony themselves?) to steal more information or carried a Trojan horse designed to infect your computer. The fact that they know your name and snail-mail address could make the email even more convincing.

3. Hit you in the wallet. If your credit card details have been exposed by the Sony PlayStation Network hack then you could find fraudsters begin to make purchases from your account – if you notice that money is missing, you’ll have to go through the rigmarole of claiming the money back from your credit card company.

This security breach is not just a public relations disaster for Sony, it’s a very real danger for its many users.

If you’re a user of Sony’s PlayStation Network now isn’t the time to sit back on your sofa and do nothing. You need to act now to minimise the chances that your identity and bank account becomes a casualty following this hack.

That means, changing your passwords, auditing your other accounts, and considering whether you should keep a closer eye on those credit card statements or simply telling your bank that as far as you’re concerned the card is now compromised.

More information can be found in Sony’s blog post.

By Graham Cluley @ nakedsecurity.sophos.com

Android Threat Tackles Piracy Using Austere Justice Measures

How to Control Internet Usage to Improve Company Output – By GFI

There’s a time for work and a time for play – unfortunately few live up to this saying. Besides wasting time on non work-related activity in the actual place of work, employees also procrastinate on the web.  The Internet has proven to be an indispensable tool for businesses and blocking employee access to it could only prove to be counterproductive; yet, organizations need to take the right measures to control Internet usage so as to improve worker productivity while reducing security risks which could adversely affect the company output.

It is possible to control Internet usage without affecting employee morale. The following are some points on how this can be achieved:

• Block offensive sites – such as adult sites, sites with racist or other discriminatory content, etc. Objectionable and offensive sites can create a hostile or threatening working environment. It is therefore very important for such sources to be blocked, as allowing access to them could not only result in employees leaving the organization (which also means more time and costs to recruit replacements), but it can also result in potential lawsuits. Making use of good web filtering software which can block access to such sites is clearly essential.

• Monitor other time-wasting sites – While a 2010 study by Burson-Marsteller showed that “79 percent of the largest 100 companies in the Fortune Global 500 index are using at least one of the most popular social media platforms: Twitter, Facebook, YouTube or corporate blogs”, demonstrating that direct correlation between top financial performance and deep social media engagement can work to the company’s advantage, businesses need to monitor the use of such sites to prevent cyberslacking.

Read more

WordPress.com targeted by DDoS attack

WordPress.com, home to many millions of blogs around the world, is currently being hit by an “extremely large” distributed denial-of-service (DDoS) attack.

According to the company, some users may experience performance and connectivity problems as a result.

Here’s part of the statement we received from Sara Rosso of Automattic, the owners of WordPress.com:

WordPress.com is currently being targeted by a extremely large Distributed Denial of Service attack which is affecting connectivity in some cases. The size of the attack is multiple Gigabits per second and tens of millions of packets per second.

We are working to mitigate the attack, but because of the extreme size, it is proving rather difficult. At this time, everything should be back to normal as the attack has subsided, but we are actively working with our upstream providers on measures to prevent such attacks from affecting connectivity going forward.

Read more

Malicious PDF attack spammed out from compromised VioVet email system

If you’re a customer of VioVet, the UK pet supplies and medications website, then be very careful opening your email this morning.

Customers are reporting that they have received an email purporting to contain a gift certificate from the company – but the files linked to by the email actually contain malware.

Read more

Google Glitch Disables 150,000 Gmail Accounts

Google, we have a problem. About 150,000 Gmail account holders woke up to a nightmare this morning, with all their e-mail, attachments and Google Chat logs gone. What happened?

Google explains that “less than 0.08%” of all Gmail users were affected by the bug, which completely reset accounts, even down to the detail offering a welcome message to those users when they first logged on today. They, and especially visitors to the Gmail Help Forum, were not amused.

But there’s good news here. The way Google is explaining it on its Apps Status Dashboard: “Google engineers are working to restore full access. Affected users may be temporarily unable to sign in while we repair their accounts.”

Read more