How to clean-up your profile after a Facebook survey scam By SOPHOS
December 20, 2010 by admin
Filed under Security Channel
New password from Facebook? Beware widely spread malware attack
November 19, 2010 by admin
Filed under Security News
Malicious hackers have spammed out an attack that pretends to be an email from Facebook support saying that your password has been changed.
The messages, which have a variety of subject lines including “Facebook Service. A new password is sent you”, “Facebook Support. Your password has been changed” and “Facebook Service. Your account is blocked”, have a ZIP file attached which carries a Trojan horse.
Good afternoon.
A spam is sent from your Facebook account.
Your password has been changed for safety.
Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.
Thank you for your attention,
Facebook Service.
Sophos products detect the attached ZIP file as Mal/BredoZp-B, and the Trojan horse contained within as Troj/Agent-PLG.
It’s possible that the attackers are attempting to exploit the problems many female Facebook users had this week when the social network disabled many accounts by accident.
Don’t forget – you should always be extremely suspicious of any unsolicited email which arrives out of the blue, encouraging you to open an attachment.
By Graham Cluley @ nakedsecurity.sophos.com
Cross-platform worm targets Facebook users
October 29, 2010 by admin
Filed under Security News
A new member of the Koobface family of malware has been making the headlines in the last 24 hours. The reason why the threat, which is sometimes being referred to as “Boonana”, has been getting so much attention is that it doesn’t just infect Windows, but targets Mac OS X and Linux computers too.
This incarnation of the Koobface worm appears to have been spread via Facebook in messages asking “is this you in this video”.
IMPORTANT! PLEASE READ. Hi <username>. Is this you in this video here : <link>
Clicking on the link takes you to an external website that displays an image of a woman (grabbed from the Hot Or Not website).
Visitors to the webpage who want to see more are prompted to give permission for an applet called JPhotoAlbum.class to be run from inside a Java Archive (JAR) called JNANA.TSA.
Whether you are running Windows, Mac OS X or Linux on your computer, if you give permission for the highly obfuscated Java app to run then the malware will sneakily download a variety of programs from the internet which it will then execute on your computer.
Files which can be downloaded include:
applet_hosts.txt
cplibs.zip
jnana_12.0.tsa
jnana.pix
OSXDriverUpdates.tar
pax_wintl.crc
pax_wintl.zip
rawpct.crc
rawpct.zip
rvwop.crc
rvwop.zip
VfxdSys.zip
WinStart.zip
Sophos detects various components of the attack as Troj/KoobStrt-A, Troj/KoobInst-A, Troj/KoobCls-A, Troj/Agent-PDY, Troj/DwnLdr-IOX, and Troj/DwnLdr-IOY. In addition, Sophos’s web protection blocks access to the malicious webpages.
Don’t forget to always be careful about what links you click on, even if they appear to have been shared by someone you know on Facebook.
And if you’re a user of Linux or Mac OS X, don’t think that the malware problem only exists on Windows. Malicious hackers are becoming increasingly interested in targeting other platforms, and if users of your operating system have a reputation for being dismissive of malware warnings on your preferred OS, the bad guys may consider you a soft target.
By Graham Cluley @ nakedsecurity.sophos.com
How to protect yourself from Facebook Places
September 26, 2010 by admin
Filed under Protection Tools
After earlier roll-outs in the USA and Japan, Facebook has now opened up its location-sharing service in the UK.
In a breakfast briefing in London, Facebook explained that the new service would make it easier for users to share where they were.
But hang on a minute – I don’t want to share where I am. And I don’t want other people to be able to share my location either.
I came back late last night after a few days away on a business trip, to find that my next door neighbour had been burgled. So I want to have total control over when (and if) my location is shared and who gets told my location.
Identical twins meet on ChatRoulette? Another Facebook survey scam
September 26, 2010 by admin
Filed under Security News
Have you seen messages on Facebook like the following?
OMG! Look what happens when identical TWINS meet on Chat Roulette!
<LINK>
OMG LOL!! Twins meet for first time ever ON CHAT ROULETTE!! rofl --->> <LINK>
or
OMG! Look what happens when identical TWINS meet on Chat Roulette!
Doubt they will be using Chat Roulette again
OMG LOL!! Twins meet for first time ever ON CHAT ROULETTE!! rofl --->> <LINK> <<<--- sooo funny ...
It is, of course, the latest attempt by scammers to earn a few bucks by tricking you into visiting the link.
You might be intrigued by the thought of identical twins happening across each other on ChatRoulette, but the page you are taken to is going to force you to “share” the content with your online friends before it will actually let you see anything.
And even then, you’ll be nagged to take an online survey (earning the scammers some commission). My advice is that you shouldn’t make this type of scam worthwhile by agreeing to take the survey – often you’ll find that the content you want isn’t waiting for you at the end of the process anyway (and if the video content exists, chances are that it’s also on YouTube for free).
So, all you’re really doing is helping the scammers earn their ill-gotten gains, because your account has now publicised the link to others claiming that you’ve “LOL’d” even though you haven’t seen any actual video content at this point.
It’s a seedy dirty trick – so don’t play into the scammers hands, and think more carefully before you next “like” or “share” a suspicious link on Facebook.
GFI Labs Issues Labor Day Phishing Warning
September 3, 2010 by admin
Filed under Security News
Online holiday retail sales traditionally serve as prime platform for attacks
GFI Software security researchers issued a warning today regarding an expected increase in phishing attacks in relation to the upcoming Labor Day holiday. GFI Labs, the dedicated malware research center of GFI Software, warns that consumers are traditionally at high risk for targeted phishing attacks due to the preponderance of online retail sales events over the holiday weekend.
Amidst the flurry of emails promoting holiday sales are fraudulent messages that include bogus links to sites that download malicious software or phishing sites soliciting personal information. While research from companies like IBM have suggested that phishing attacks were on the decline last year, GFI Labs warns that customers should not be lulled into a false sense of security. According to phishing tracker Phishtank.com, there are over 2,900 active phishing web sites currently verified on the internet. Furthermore, the popularity of social media sites such as Facebook and Twitter has made them attractive platforms for holiday-themed attacks.
According to GFI Software, one of the world’s leading providers of security software, consumers can reduce their risk of infection by following three simple rules:
1) Ensure that your computer is protected against the newest malware threats by installing a combined antivirus and antispyware solution. This serves as the first point of protection against dangerous viruses and Trojans – and one without the other is no longer effective.
2) Never click on a link from an email to make a credit card purchase. The email you’ve received may look legitimate, but there’s a high probability that the link will take you to a spoofed site where your credit card information will be recorded by cyber criminals. Instead, navigate to the retailer’s Web site directly through your browser. Again, the email may look harmless, but it’s better to be safe than sorry.
3) Even when visiting a trusted Web site, be vigilant about anything that looks out of the ordinary. Social networking sites like Facebook, Twitter and MySpace have all served as points of infection recently. Do not download anything, even from a trusted site, unless you are 100% sure of its contents.
“Every Labor Day, we see a wave of phishing attacks taking advantage of consumers’ expectations of increased retail email promotions connected with the holiday,” said Tom Kelchner, research center manager, GFI Labs. “Cyber criminals see an opportunity to slip by unnoticed among the legitimate promotions. Along with making sure virus updates and security software patches are current, consumers need to stay vigilant and use common sense in order to avoid any unnecessary headaches that these fraudulent emails look to deliver over the long weekend.”
About GFI
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SME) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.
Details of 100 million Facebook users were *already* exposed on the net
August 1, 2010 by admin
Filed under Security News
Have you seen the headlines? They’re pretty scary-looking.
Here’s just a handful – although there were hundreds more to choose from:
“A fifth of Facebook users names ‘leaked’ to file-sharers”, Techwatch
“Details from 100 million Facebook profiles posted online”, Network World
“Details of 100m Facebook users collected and published”, BBC News Online
At first glance these headlines might appear frightening. But there’s one thing you need to know. All of this information was already available to anyone on the internet.
What’s happened is that a security consultant called Ron Bowes wrote some scripts to harvest publicly-available information from the profiles of Facebook users who had left their profiles open for anyone to view.
In total he managed to scrape the names and urls of some 100 million Facebook users (about 20% of their population), and posted the database of snaffled information up on a peer-to-peer file-sharing network for anyone to download.
This wasn’t really a “hack” as such, as the guy who collected this information didn’t have to break into accounts to access the information. The personal information from users’ Facebook profiles was already available to anyone because individuals’ privacy settings had not been properly secured, and they had effectively left their lights on and curtains open for anyone to peek in and make a note of anything they could see.
The real problem here is that users haven’t secured their profiles well enough – but I don’t think they’re the only ones at fault. Facebook has gradually eroded its users’ privacy over the years, in an attempt to share more information with the rest of the internet. In fact, it’s even recommended that users use settings that share more information – and some users may not have been aware that going with Facebook’s recommendations would leave them open to being snooped on in this fashion.
The problem is that once you’ve shared your information with “everyone” on the net in this fashion, there’s no going back. You can’t withdraw your data – and now the user details have been harvested they will forever be available for anyone to access.
Facebook users need to wake up to the risks of sharing too much information online, and examine their Facebook security settings closely to ensure that they are not divulging too much to people they don’t know, and are comfortable with their choices. Today the news story is about names and urls being scooped up – maybe tomorrow it could be more personal information that is gathered from poorly secured Facebook users.
Want to see who has viewed your Facebook profile? Take care..
July 26, 2010 by admin
Filed under Security News
I’m increasingly being asked by folks on Facebook if it’s possible to tell who has been viewing their Facebook profile. A number have been attracted to webpages and Facebook applications that claim to be able to give you a secret insight into who is spying on your profile.
Well, if you’re one of those people who are curious about who might be watching you online, take care.
Right now we’re seeing a significant number of Facebook users posting messages such as:
OMG OMG OMG... I can't believe this actually works! Now you really can see who views your profile!!! WOAH
and
See who views your Facebook profile in real-time!!!
However, like the “Justin Bieber cell phone number” scam and the “This mother went to jail for taking this pic of her son!” scam, the links pointed to in your friends’ status updates are not to be trusted.
If you make the mistake of clicking on the link to one of these pages offering to tell you who is viewing your Facebook profile, you will find that the people behind the “services” want you to do a few things first.
For instance, they’ll ask you to “Like” their pages (which means you are spreading the link to friends in your social network), and they will ask you to advertise their site by posting an “OMG” message (with a link) to at least five different places on Facebook.
After all that hard work you would hope that they would give you access to the powerful Profile Spy app wouldn’t you? But I’m afraid your luck is out.
They’ll next ask you to hand over your personal information by taking numerous surveys – before ultimately trying to trick you into handing over your cellphone number which they’ll sign up to an expensive premium rate service.
Remember, this scam doesn’t work as the result of clickjacking, or a vulnerability on Facebook. The scammers are achieving their ends because of human gullibility – pure and simple. If people considered what they were doing and thought twice about the possible consequences then we would see nothing like as many of these attacks occurring, and our news feeds on Facebook would see less spam.
The ‘Never gonna drink Coca Cola again’ Facebook scam [WARNING]
July 15, 2010 by admin
Filed under Security News
If one of your friends said they were never going to drink Coca Cola again after watching a horrific video, would you be tempted to watch the video?
Judging by the number of Facebook users who have posted status updates claiming they are never going to drink Coca Cola again, it seems plenty found it an invitation impossible to resist.
![coca cola status The Never gonna drink Coca Cola again Facebook scam [WARNING]](http://www.virusexperts.org/wp-content/uploads/2011/03/coca-cola-status.jpg "The Never gonna drink Coca Cola again Facebook scam [WARNING]")
A typical message reads:
<name> I am part of the 98.0% of people that are NEVER gonna drink Coca Cola again after this HORRIFIC video --> http://www.[removed]
Find out the TRUTH about Coke!!!
If you do click on the link you will find yourself on a website saying that “9/10 People said they WOULDNT drink Coca Cola After seeing this video!!!” above a thumnail of a video which says that “Coca Cola can’t hide its crimes”.
![cocoa cola video The Never gonna drink Coca Cola again Facebook scam [WARNING]](http://www.virusexperts.org/wp-content/uploads/2011/03/cocoa-cola-video.jpg "The Never gonna drink Coca Cola again Facebook scam [WARNING]")
Perhaps surprisingly, this webpage isn’t exploiting the now familiar clickjacking technique to falsely claim that the Facebook user “Like”s the page without the user’s permission. Instead, they say you can’t watch the “horrific video” until you’ve shared the link on Facebook by hand seven times.
![coca cola not enough The Never gonna drink Coca Cola again Facebook scam [WARNING]](http://www.virusexperts.org/wp-content/uploads/2011/03/coca-cola-not-enough.jpg "The Never gonna drink Coca Cola again Facebook scam [WARNING]")
![coca cola repost seven times The Never gonna drink Coca Cola again Facebook scam [WARNING]](http://www.virusexperts.org/wp-content/uploads/2011/03/coca-cola-repost-seven-times.jpg "The Never gonna drink Coca Cola again Facebook scam [WARNING]")
The page claims to poll whether you have shared the link enough (in order to allow the video to be viewed). But when you realise you’re not making any progress – despite your valiant attempts to recommend the link to all and sundry – you might hit the link which says:
>>>Cant Be Botherd To Wait? --> Click Here To Skip This<<<
Never Texting Again: Facebook rogue app spreading quickly
July 8, 2010 by admin
Filed under Security News
Updated Over 290,000 people have in the last few days clicked on a link that is spreading virally across Facebook, claiming to point to a video of someone who died after sending a text message on their cellphone.
The links are being posted on innocent Facebook users’ walls by a rogue application. A typical message posted by the rogue application reads:
I am shocked!!! I'm NEVER texting AGAIN since I found this out. Video here: http://bit.ly/a37TaB - Worldwide scandal!
If you do make the mistake of clicking on the link then you are taken to the rogue Facebook application
The problem is that even though Facebook is warning users that they are giving the “I will never text again after seeing this” application permission to post to their wall (as well as access their personal information) many people are still go ahead and press “allow”.
Why should you ever have to grant an application such permissions in order to watch a video?
Sigh.. Sometimes you just feel like you’re hitting your head against a brick wall..
Sure enough – with the permission granted, the application begins to spread its links virally via your Facebook profile:
I'm Never Texting Again Since I Found This Out
<name> has seen a shocking video, which shows someone dying because of texting
Properly cleaning-up your account after you have given permission for the rogue application to access your Facebook account takes two steps. But I’ll throw in a third for good measure.
1. Remove the application
Firstly, visit your Application Settings on Facebook and click on the “X” to remove the app from your profile.
You will be asked to confirm if you really want to remove it. Obviously the correct answer is to go ahead and remove it.
2. Clean-up your wall
With the application gone, you now need to clean-up your own wall – and stop advertising the link (and rogue application) to your online friends. Hovering your mouse over the posts on your wall should display a “Remove” option which will allow you to sanitise the news feed you are sharing with others.
3. Get smart
There are only two things you need to do to clean-up your Facebook account, but I’d recommend you get yourself educated about internet threats too, so you’re wise to these sort of attacks in the future. If you’re regular user of Facebook, you should really join the Sophos page on Facebook to be kept informed of the latest security scares and attacks.
