‘May God always bless..’ Facebook virus hoax spreads

August 27, 2011 by  
Filed under Security News

Facebook users are sending scary warnings to each other regarding a supposed new piece of malware spreading across the social network.

 

god always bless May God always bless.. Facebook virus hoax spreads

 

Attention!!!If you see anyone post out an application written "May God always bless this kind person below with peace, love and happiness", with your profile picture attached below, and send by your friend via Bold Text. Please DONT click "like" or "SHARE", is a spyware, and all your info at FB will be copy and reuse for other purpose. Please share this info out. Thanks......;)

 

The warnings are being spread rapidly by well-intentioned Facebook users, but the truth is that we have seen no evidence of any such spyware.

 

Our friends at Facecrooks believe they have got to the bottom of the mystery.

 

They have determined that rather than a genuine virus, the warning was kicked off by a Facebook application called Bold Text making over-exuberant, if not downright spammy, wall postings.

 

may god bless facebook May God always bless.. Facebook virus hoax spreads

 

Over one million people are reported to have used the application, so clearly its self-promoting tactics are working.

 

If you see one of your friends reposting the warning about the ‘May God always bless..’ message then please tell them that it isn’t true that it’s a virus, and point them to this article or the information on Facecrooks.

 

And if you installed the Bold Text application, and aren’t enjoying the messages it is posting, you should revoke its access to your Facebook account.

 

It’s not the first time, of course, that Facebook users have been misled of the full facts by virus hoaxes. Most recently we have seen a bogus warning message about an Olympic Torch virus that could “burn the whole hard disc.. C of your computer”

 

Make sure that you stay informed about the latest genuine scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 100,000 people regularly share information on threats and discuss the latest security news.

 

By Graham Cluley @ nakedsecurity.sophos.com

 

Bitdefender Safego The New Social Network Protection

July 24, 2011 by  
Filed under Protection Tools

safego2 Bitdefender Safego The New Social Network Protection

Posts on your wall, comments from friends, status updates. These are the tools that help you build your online social interactions. But don’t forget that your online social life relies on a crucial ingredient: your friends’ trust in you. So why let infected links, spam or deftly crafted scams step in and spoil your fun? After all, we’ve all had enough of the “see who viewed your profile” tricks and of its countless siblings.

 

Using in-the-cloud scanning, Bitdefender Safego protects your social network account from all sorts of e-trouble: scams, spam, malware and private data exposure. But, most importantly, Safego keeps your online friends safe and …close.

 

safego Bitdefender Safego The New Social Network Protection

 

To install the app Click Here


Free Apple iTunes Giftcard scam spreads on Facebook

July 5, 2011 by  
Filed under Security News

Facebook users are being tricked into helping scammers earn money, in the mistaken belief that they will receive a free $25 Apple iTunes Giftcard.

 

We have seen a number of Facebook users posting messages like the following onto their walls:

itunes giftcard 32 Free Apple iTunes Giftcard scam spreads on Facebook

Free $25 Apple iTunes Giftcard
[LINK]
Limited time left, get yours now!

 

Clicking on the link takes you to a webpage which urges you to “Share” the message with your Facebook friends before you can go any further.

 

itunes giftcard 22 Free Apple iTunes Giftcard scam spreads on Facebook

 

You should, of course, always treat such requests with suspicion – but that hasn’t stopped many people unwittingly help the scammers to spread their links far and wide across Facebook.

 

itunes giftcard 12 Free Apple iTunes Giftcard scam spreads on Facebook

 

Perhaps you noticed that you still haven’t been given a free $25 Apple iTunes Giftcard at this point. Instead, the scammers would like you take a survey.

 

itunes giftcard 62 Free Apple iTunes Giftcard scam spreads on Facebook

 

Clearly they have no qualms about using Apple imagery to try to trick you into believing that the campaign is endorsed in some way by Apple itself.

 

This type of survey scam is all too familiar to regular readers of Naked Security. The scammers earn commission for every survey they trick people into completing – and your chances of ever receiving an iTunes Giftcard are close to zero.

 

itunes giftcard 52 Free Apple iTunes Giftcard scam spreads on Facebook

 

But it’s too late for your Facebook friends, as you have already shared the link with them – and so the scam spreads across the social network as users pass it on between eachother.

 

Of course, if you have fallen for the scam, it’s a good idea to remove all references to it from your Facebook page and warn your friends not to participate in it.

 

itunes giftcard 42 Free Apple iTunes Giftcard scam spreads on Facebook

 

If you use Facebook and want to get an early warning about the latest attacks, you should join the Sophos Facebook page where we have a thriving community of over 100,000 people.

 

By Graham Cluley @ nakedsecurity.sophos.com

 

 

Facebook changes privacy settings for millions of users – facial recognition is enabled

June 9, 2011 by  
Filed under Security News

When Facebook revealed last year it was introducing facial recognition technology to help users tag their friends in photographs, they gave the functionality to North American users only.

 

Most of the rest of us found the option in our privacy settings was “not yet available”, which meant we could neither enable or disable it. We simply had to wait until Facebook decided to roll it out to our account.

 

Well, now might be a good time to check your Facebook privacy settings as many Facebook users are reporting that the site has enabled the option in the last few days without giving users any notice.

 

There are billions of photographs on Facebook’s servers. As your Facebook friends upload their albums, Facebook will try to determine if any of the pictures look like you. And if they find what they believe to be a match, they may well urge one of your Facebook friends to tag it with your name.

 

The tagging is still done by your friends, not by Facebook, but rather creepily Facebook is now pushing your friends to go ahead and tag you.

 

Remember, Facebook does not give you any right to pre-approve tags. Instead the onus is on you to untag yourself in any photo a friend has tagged you in. After the fact.

 

If this is something you’re uncomfortable with, disable “Suggest photos of me to friends” now.

 

Here’s how you do it.

 

* Go to your Facebook account’s privacy settings.

 

* Click on “Customise settings”.

 

* Under “Things others share” you should see an option titled “Suggest photos of me to friends. When photos look like me, suggest my name”.

 

* Unfortunately at this point you can’t tell whether Facebook has enabled the setting or not, you have to dig deeper..

 

* Click on “Edit settings”.

 

facial facebook 11 Facebook changes privacy settings for millions of users   facial recognition is enabled

 

* If Facebook has enabled auto-suggestion of photo tags you will find the option says “Enabled”.

 

facial facebook 21 Facebook changes privacy settings for millions of users   facial recognition is enabled

 

* Change it to “Disabled” if you don’t want Facebook to work that way.

 

* Press “OK”.

 

Earlier this year, Sophos wrote an open letter to Facebook. Amongst other things, we asked for “privacy by default” – meaning that there should be no more sharing of information without users’ express agreement (OPT-IN).

 

Unfortunately, once again, Facebook seems to be sharing personal information by default. Many people feel distinctly uncomfortable about a site like Facebook learning what they look like, and using that information without their permission.

 

Most Facebook users still don’t know how to set their privacy options safely, finding the whole system confusing. It’s even harder though to keep control when Facebook changes the settings without your knowledge.

 

The onus should not be on Facebook users having to “opt-out” of the facial recognition feature, but instead on users having to “opt-in”.

 

Yet again, it feels like Facebook is eroding the online privacy of its users by stealth.

 

If you are on Facebook and want to keep yourself informed about the latest news from the world of internet security and privacy you could do a lot worse than join the Sophos Facebook page where we regularly discuss these issues and best practice.

 

You should also take some time to read our step-by-step advice on how best to configure your Facebook privacy settings.

 

 

By Graham Cluley @ http://nakedsecurity.sophos.com/

 


WARNING – Facebook Dislike button spreads fast, but is a fake – watch out!

May 16, 2011 by  
Filed under Security News

Don’t be too quick to click on links claiming to “Enable Dislike Button” on Facebook, as a fast-spreading scam has caused problems for social networking users this weekend.

 

Messages claiming to offer the opposite to a like button have been appearing on many Facebook users’ walls:

fb dislike button3 WARNING   Facebook Dislike button spreads fast, but is a fake   watch out!

Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!

 

Like the “Preventing Spam / Verify my account” scam which went before it, the scammers have managed to waltz past Facebook‘s security to replace the standard “Share” option with a link labelled “Enable Dislike Button”.

The fact that the “Enable Dislike Button” link does not appear in the main part of the message, but lower down alongside “Link” and “Comment”, is likely to fool some users into believing that it is genuine.

 

Clicking on the link, however, will not only forward the fake message about the so-called “Fakebook Dislike button” to all of your online friends by posting it to your profile, but also run obfuscated Javascript on your computer.

 

The potential for malice should be obvious.

 

As we’ve explained before, there is no official dislike button provided by Facebook and there isn’t ever likely to be. But it remains something that many Facebook users would like, and so scammers have often used the offer of a “Dislike button” as bait for the unwary.

 

Here’s another example that is spreading, attempting to trick you into pasting JavaScript into your browser’s address bar, before leading you to a survey scam:

dislike button address bar3 WARNING   Facebook Dislike button spreads fast, but is a fake   watch out!

 

If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.


By Graham Cluley @ nakedsecurity.sophos.com


WARNING: Dad catches daughters on webcam – spreading fast on Facebook

May 14, 2011 by  
Filed under Security News

Facebook is being hit by another viral message, spreading between users’ walls disguised as a link to a saucy video.

 

The messages, which are spreading rapidly, use a variety of different links but all claim to be a movie of a dad catching his daughters making a video on their webcam:

 

dad catches 14 WARNING: Dad catches daughters on webcam   spreading fast on Facebook

[VIDEO] DAD CATCHES DAUGHTERS ON WEBCAM [OMGGGG].AVI
[LINK]
two naughty girls get caught in the WORST moment while making a vid on their webcam! omg!!

 

The messages also tag some of the victims’ Facebook friends, presumably in an attempt to spread the links more quickly across the social network.

 

If you make the mistake of clicking on the link you are taken to a webpage which shows a video thumbnail of two scantily clad young women on a bed. The page urges you to play the video, however doing so will post the Facebook message on your own wall as a “Like” and pass it to your friends.

 

Unfortunately, the new security improvements announced by Facebook this week fail to give any protection or warning about the attack.

 

85573ae26880c0e577c674b731518fa6 WARNING: Dad catches daughters on webcam   spreading fast on Facebook

 

When I tested the scam I was presented with a (fake) message telling me that my Adobe Flash plugin had crashed and I needed to download a codec.

 

dad catches 23 WARNING: Dad catches daughters on webcam   spreading fast on Facebook

Users should remember that they should only ever download updates to Adobe Flash from Adobe’s own website – not from anywhere else on the internet as you could be tricked into installing malware.

 

Ultimately, you may find your browser has been redirected to a webpage promoting a tool for changing your Facebook layout, called Profile Stylez and – on Windows at least – may find you have been prompted to install a program called FreeCodec.exe which really installs the Profile Stylez browser extension.

 

 

profilestylez3 WARNING: Dad catches daughters on webcam   spreading fast on Facebook

 

It’s certainly disappointing to see Facebook’s new security features fail at the first major outbreak – clearly there’s much more work which needs to be done to prevent these sorts of messages spreading rapidly across the social network, tricking users into clicking on links which could be designed to cause harm.

 

If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.

 

By Graham Cluley @ nakedsecurity.sophos.com


Verify My Account Spam Runs Rampant On Facebook

May 12, 2011 by  
Filed under Security News

In the past hour a new application has begun spreading on Facebook which has found an exploit in the existing sharing system. Whatever you do, don’t click the link described below.

The system is pretty straight forward. It suggests that you click “VERIFY MY ACCOUNT” within a link which ultimately results in the user posting the same message to all their friends’ walls. The message typically resembles the following one:

In order to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to start the process…

 

The result is that thousands of users have seen the message spreading to their profiles in the past hour or so. Our guess is that this message could reach hundreds of thousands of users before it’s shut down (unless Facebook’s security team is up right now). The bottom line is this: don’t click any of the links resembling the ones pictured below. Have you seen this spreading on your profile?

 

verify my account3 Verify My Account Spam Runs Rampant On Facebook

 

Source: www.allfacebook.com


Fake Facebook Users Spreading Scam Messages

February 3, 2011 by  
Filed under Security News

facebook scam Fake Facebook Users Spreading Scam Messages

 

I just saw new way of scams that spreading in Facebook as a messages with the same content of usually email scams about claiming prizes or money even the account who send the scam don’t have any personal information and friend, he just put the Facebook logo as a profile picture to be as Facebook team. (Watch Out and Take Care)

 

Read more

Facebook flaw allowed websites to steal users’ personal data without consent

February 2, 2011 by  
Filed under Security News

A couple of weeks ago two students conducting security research contacted me about a vulnerability which they believed they had found with Facebook.

 

Rui Wang and Zhou Li said that they had found a vulnerability which allowed malicious websites to access a Facebook user’s private data without permission. According to Rui and Zhou, it was possible for any website to impersonate other sites which had been authorised to access users’ data such as name, gender and date of birth.

 

Furthermore, the researchers found a way to publish content on the visiting users’ Facebook wall (under the guise of legitimate websites) – a potential way to spread malware and phishing attacks.

 

Read more

Rogue Facebook apps can now access your home address and mobile phone number

January 16, 2011 by  
Filed under Security News

In a move that could herald a new level of danger for Facebook users, third party application developers are now able to access your home address and mobile phone number.

 

Facebook has announced that developers of Facebook apps can now gather personal contact information from their users.

 

84459f6deeccbc449edca00d6854629b Rogue Facebook apps can now access your home address and mobile phone number

I realise that Facebook users will only be allowing apps to access this personal information if they “allow” the app to do so, but there are just too many attacks happening on a daily basis which trick users into doing precisely this.

 

Facebook is already plagued by rogue applications that post spam links to users’ walls, and point users to survey scams that earn them commission – and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium rate service.

 

Now, shady app developers will find it easier than ever before to gather even more personal information from users.

 

You have to ask yourself – is Facebook putting the safety of its 500+ million users as a top priority with this move?

 

Wouldn’t it better if only app developers who had been approved by Facebook were allowed to gather this information? Or – should the information be necessary for the application – wouldn’t it be more acceptable for the app to request it from users, specifically, rather than automatically grabbing it?

 

It won’t be take for scammers to take advantage of this new facility.

 

My advice to you is simple: Remove your home address and mobile phone number from your Facebook profile now. While you’re at it, go through our step-by-step guide for how to make your Facebook profile more private.

 

By Graham Cluley @ nakedsecurity.sophos.com

 

 

Next Page »