Fake Facebook Users Spreading Scam Messages

 

I just saw new way of scams that spreading in Facebook as a messages with the same content of usually email scams about claiming prizes or money even the account who send the scam don’t have any personal information and friend, he just put the Facebook logo as a profile picture to be as Facebook team. (Watch Out and Take Care)

 

Read more

Be aware of rogue security of Fake AVG software

We have noticed rogue antivirus software that pretends to be the AVG Anti-Virus 2011. As usually  social engineering is in use -  well known names (AVG, Microsoft Security Essentials)  and designs of trusted applications are present in order to increase credibility.

 

Read more

WINDOW LIVE TEAM -ACCOUNT ALERT- Another Spam That Attacking Hotmail Accounts

Watch out from this fake spam emails that says its from WINDOW LIVE TEAM and its asking about your personal information.

 

Its look like this in your inbox :

 

 

 

and the message content looks like this:

 

 

 

Finally, don’t reply to these kind of emails and mark it as spam.  - Take Care -

 

SophosLabs – What is Fake Anti-Virus?

Malware Sales Through Social Networks

Social media has affected business organizations in many different ways through the years and these effects caused the development of a rather complicated relationship between the two.

 

Social media has proven to be an effective marketing tool for businesses. Data collected last year from Fortune’s Global 100 revealed that more than 50 percent of the said companies have Twitter, Facebook, and YouTube accounts. On the other hand, social media tools such as social networks have been reported to affect office productivity and also serve as popular media for online threats.

 

In the same way that businesses use social media, cybercriminals do as well. Just recently, we saw an advertisement for fake point-of-sale (POS) devices in an underground forum where the seller offered a fake POS device for 1,000 EUR.

 

This time, we found an advertisement for a malicious tool, in a more “mainstream” channel.

 

 

 

 

The YouTube video above is actually an advertisement for a distributed denial-of-service (DDoS) tool. A screenshot of the tool is shown on the video while features and other details such as the price and the URL where to purchase the tool are indicated in the details. (It has since been taken down by YouTube.)

 

Notably, the video had more than 600 views. Though the number is relatively small, one can’t help but wonder how many of those viewers were enticed enough to visit the given site and to purchase the tool. After all, it’s only US$15.

 

The said post is just one of the many malware ads in social networks. If anything, the above-mentioned advertisement only goes to show that cybercriminals are using social networks the same way legitimate businesses do to gain “customers” even if the customers in question are other cybercriminals.

 

For best practices to follow in managing a social network account, you can check our white paper, “Security Guide to Social Networks.”

 

 

Try not to laugh xD: Worm spreads via Facebook status messages

A clickjacking worm spread quickly across Facebook earlier today, tricking users into posting it to their status updates.

The worm, which some have dubbed Fbhole because of the domain it points to, posts a message like the following:

try not to laugh xD http://www.fbhole.com/omg/allow.php?s=a&r=<random number>

 

Clicking on the link would display a fake error message that would trick you – through a clickjacking exploit – to invisibly push a button that would publish the same message to your own Facebook status update. We’ve seen clickjacking exploited by hackers before in attacks on social networks, for instance in the “Don’t click” attack seen on Twitter in early 2009.

 

READ MORE…. and see the video

 

 

The Facebook ‘Stupidity’ virus warning meme

In the wake of the recent headlines about privacy concerns and the widespread“sexiest video ever” malware attack against Facebook users earlier this week, I’ve been keeping a close eye on the messages people post publicly to see how they’re coping, and what general advice they give to each other about security and privacy issues.

 

One of the things I’ve noticed is a growing number of people sharing a joke virus warning with eachother.

A typical version reads:

Another Virus is Spreading Like Wild Fire on FACEBOOK. IT'S CALLED "STUPIDITY". It makes U join FAKE FAN PAGES Promising FREE STUFF 4 Your Games. This Virus Spreads to ALL Ur Friends and they TOO Become Stupid. There is No Known Cure For this as of YET, Only Precaution is When Someone Invites U to become a FAN...JUST CLICK 'IGNORE' or better- 'BLOCK'. COPY & REPOST THIS WARNING SO OTHERS ARE SAFE FROM "STUPIDITY"

 

Hopefully I don’t need to tell any regular Clu-blog readers that this isn’t a genuine virus warning. Rather like the Amish, Badtimes and Irish virus hoaxes, this “Stupidity” alert is being sent around Facebook as a joke.

 

READ MORE…. and see the video

 

 

Watch out from new type of spams that attack Facebook users

Today I received a private message  at my Facebook account, its says that I win money and it asked me for my information so its look the same spams that attack e-mails account but it moved to Facebook by maybe fake users so be careful and press on  ”Report Spam” .

 

Example of spam message :

 

Farm Town virus warning: Malvertising at work?

Players of the online game Farm Town are being warned to be on their guard for malicious adverts that display fake security warnings in an attempt to dupe unsuspecting users into installing malicious code or handing over their credit card details.

 

SlashKey, the developers of the game which has over 9.6 million monthly active users on Facebook, has posted a warning on its forum advising players to be wary of warnings that suddenly pop-up telling them that their computer is infected:

If you suddenly get a warning that your computer is infected with viruses and you MUST run this scan now, DO NOT CLICK ON THE LINK, CLOSE THE WINDOW IMMEDIATELY. You should then run a full scan with your antivirus program to ensure that any stray parts of this malware are caught and quarantined.

If you do research on many of these spyware programs you will also find a myriad of sites proclaiming they are the only ones who can rid you of these programs. This is not true and on a personal level I urge you to use great caution as some of these so called wonder cures are as much of a scam as the malware you are trying to remove.

 

Hundreds of Farm Town players have responded on the forum, saying that they have been on the receiving end of the attack – but the worry is that many many more users may not have seen the warning and could have been tricked by the fake anti-virus warnings into infecting their computers or handing over personal information.

It appears that the problem is related to the third-party advertising that Farm Town displays underneath its playing window. In all likelihood, hackers have managed to poison some of the adverts that are being served to Farm Town by the outside advert provider.

 

Such malicious advertising (or malvertising as it is known) has been the vector for other infections in the past, including attacks against the readers of the New York Times and Gizmodo.

 

What makes this attack all the more serious, of course, is the sheer number of people that regularly play Farm Town, and that – in all likelihood – they might not be as tech-savvy as the typical Gizmodo reader, and thus more vulnerable to falling for the hackers’ scam.

 

Rather than SlashKey simply asking its players to report offending adverts when they appear, it might be sensible for the company to disable third-party adverts appearing alongside Farm Town until the problem is fixed.

 

It may not be Farm Town’s fault that a third-party advertising network is serving up malicious ads, but doing anything less is surely showing a careless disregard for the safety of its players.

 

Until the makers of Farm Town resolve the problem of malicious adverts, my advice to its fans would be to stop playing the game and ensure that their computer is properly defended with up-to-date security software. If you do feel you have to play Farm Town then it might be wise to disable adverts in your browser (for instance, using an add-on such as Adblock Plus on Firefox).

 

By the way, if you are on Facebook and want to keep yourself informed about the latest security news you may want to become a Fan of Sophos on Facebook.

 

 

By Graham Cluley, Sophos

 

 

 

Account notification email warning? Don’t follow the instructions

If you’re returning to an overflowing inbox after the Easter holiday weekend, make sure that you don’t fall for the latest scam being distributed widely by spammers.

 

Emails claiming that recipient’s accounts have been temporarily suspended are being seen around the world today, attempting to trick users into believing that their email account has been accessed by somebody else.

 

The spammed-out emails try to hoodwink users into running the attached file (Instructions.zip) which is, predictably, carrying a malicious payload.

Dear Customer,

This e-mail was send by example.com to notify you that we have temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else. Please run attached file and Follow instructions

(C) example.com

 

In an attempt to make the email more convincing, the attackers reference the domain name (for instance, example.com) used by the recipients’ email account in the emails they are spamming out.

 

Sophos detects the malicious attachment proactively as Mal/FakeAV-BT and Mal/BredoZp-B, but users of security products from other vendors would be wise to ensure that they are properly updated and protected.

 

The hackers are once again using a tried-and-trusted social engineering trick (in this case trying to fool you into believing that your account has been compromised) to lure you into the serious mistake of opening the attached file.

 

Wiser computer users should have learnt by now that you should always be extremely suspicious of unsolicited attachments.

 

 

By Graham Cluley, Sophos

 

Related Blogs

Next Page »