The Hacker Door Facebook security scare
May 5, 2010 by admin
Filed under Security News
A warning being sent across Facebook is scaring users into believing that their accounts have been hacked.
Here is a typical example of a warning message:
To all of my friends: COPY & PASTE: New problem found.... Hacker in door in our friends list!....We are now listed as friends of ourselves! You need to delete yourself from your friends list to close the door to hackers. To do this ... Go to Account, go to edit friends, there search for your name on the list and click the X to get your name removed.
The problem with this warning is that it’s complete poppycock, and causing some users to panic that they could have been hacked.

Yes, there is a bug that means that when you search through your Facebook friends list, you show up yourself as one of your friends. And yes, even if you try and “delete” yourself as a friend you’ll pop up again when you refresh the webpage.
But this is not evidence that your account has been compromised, and if you forward this warning to your Facebook friends and acquaintances you are only helping to perpetuate the hoax.
We saw a similar hoax spreading across Facebook earlier this year in what we called the “Automation Labs” security scare.
In summary, the “Hacker Door” scare is not something to worry about, and you should always check your facts before forwarding security warnings like this to your friends and colleagues.
However, there are real security issues on Facebook, as with any other social network. Make sure you read our guidelines for better security and privacy on Facebook.
Oh, and you might want to become a Fan of Sophos on Facebook too!
By Graham Cluley, Sophos
The FarmVille ‘Three Spring Eggs’ virus is a hoax
March 29, 2010 by admin
Filed under Security News
Panic is spreading quickly amongst FarmVille’s many online players following internet reports of a virus connected with sharing three eggs.
The Facebook farming simulation game, which is a huge hit on Facebook with over 80 million regular players, is currently being dogged with false reports that a virus is spreading via links which offer gamers the ability to send three eggs at once.
A typical warning being spread by concerned FarmVille players reads as follows:
RED ALERT!!! Norton has just informed me that the post for Send the 3 spring Eggs at a time is a virus, Rawand Bradosty is a HACKER from Pakistan, do not click on this post it is not legitimate, please copy and repost immediately.
The truth, however, is that we have not seen any virus being distributed in this manner and Rawand Bradosty appears to be having his name tarnished without justification. In fact, it could be argued that the warning is causing much more disruption and time-wasting than a genuine virus outbreak would ever have done!

Of course, you should always be careful about clicking on unsolicited links as they could lead you to a page containing malicious content or a site designed to phish credentials from you. And you should ensure that you have up-to-date security on your computer, checking every link that you click on. But in this case, the scare has got out of hand and is proving to be a hoax that is hard to stamp out.
Do your bit – don’t forward virus alerts to your friends and family until you have confirmed that the alert is real with a reputable security company. Otherwise, you could be just helping to keep a hoax alive.
Don’t forget, if you’re on Facebook you may want to become a Fan of Sophos on Facebook to help stay up-to-date with the latest security news.
By Graham Cluley, Sophos
No, you’ve not received a postcard from a family member
March 22, 2010 by admin
Filed under Security News
Over the weekend there has been a new wave of attacks spammed out, spreading a version of the Bredo Trojan horse via malicious emails.
The emails claim to be an ecard from a family member, but opening the attachment can infect your computer with the Troj/Bredo-BS Trojan horse.

A typical email has the following characteristics:
Subject: You've received a postcard
Attached file: postcard.zip
Message body:
Good day.Your family member has sent you an ecard
If you wish to keep the ecard longer, you may save it on your computer or take a print.
To view your ecard, open zip attached file.
This is clearly an old tactic to trick people into infecting their computers, but the reason why it’s so familiar is that it really does work.
There’s clearly a danger that some people may return to their work email on Monday morning and, with still sleepy eyes after the weekend, open the attachment before their brain has been woken up by a strong sip of coffee.
Sophos detects the ZIP file as Troj/BredoZp-AC, and its contents as Troj/Bredo-BS.
Somehow the BS nomenclature seems particularly appropriate for this clearly bogus ecard from a family member.

Make sure your anti-virus software is up-to-date, and able to protect against these latest threats, which are still being distributed via spam right now, as you can see in the above snapshot of malware being detected in our traps.
Don’t forget you should always be cautious of opening unsolicited email attachments – criminal hackers will often use this technique to try to trick you into running malicious code on your computer.
By Graham Cluley, Sophos
Twitter fights back against spam, phishing, and other malicious links
March 11, 2010 by admin
Filed under Security News
In a move that should be welcomed by many users, Twitter has announced that it is introducing a new feature to combat the many malicious and malware URLs that are distributed via the micro-blogging site.
In a blog entry posted by Del Harvey, Twitter’s Director of Trust and Safety, it was revealed that the site will start using its own URL shortener (twt.tl) for Twitter messages sent privately between two users via a direct message (DM), giving it the opportunity to “detect, intercept, and prevent the spread of bad links across all of Twitter”.
As Sophos’s Chet Wisniewski told DarkReading, the new http://twt.tl shortened URL appears to be invoked only for email notifications of direct messages at this time.
Details of how Twitter is determining if a link is potentially malicious or not do not appear to have been released at this time, and it would certainly be great if Twitter would post some more information on how the system will work and what users can expect to see.
It’s also to be hoped that this new service will be rolled-out to other areas of Twitter too. We’ve seen many times in the past that phishing and spam attacks on Twitter don’t tend to restrict themselves purely to DMs, but will also often be found in the public timeline too, as the following YouTube video demonstrates:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
The problem of dangerous links being distributed via Twitter has been growing for some time, with some 70% of people polled by Sophos reporting that they have been on the receiving end of spam and malware attacks via social networks in the last year.
The news of Twitter’s new twt.tl short url facility follows a few months after bit.ly announced that it would protect users against visiting webpages that may contain a malware, spam or phishing threat using technology from security vendors such as Sophos.
* Image source: wonderferret’s Flickr photostream (Creative Commons)
By Graham Cluley, Sophos
Hackers exploit Oscar film awards to spread scareware
March 9, 2010 by admin
Filed under Security News
Last night saw Kathryn Bigelow’s hard-hitting film “The Hurt Locker”, about a bomb disposal team in Iraq, scoop the major gongs at the Academy Awards. It probably shouldn’t be any surprise to hear that movie buffs around the world used the internet to keep track of who won which Oscars, and – sadly – that hackers would try and exploit the event.
Internet users searching for phrases like
Oscars 2010 winners
may be putting the security of their computers at risk today, as some of the results returned by search engines can point to malicious webpages.
By using SEO (search engine optimisation) techniques, hackers have created webpages that are stuffed with content which appears to be related to the 2010 Oscars, but are really designed to infect your computer.

As you can see, information about the Oscars ceremony and award winners has been one of the hottest search topics overnight.
Clicking on the dangerous links takes you to a page which pretends to scan your computer for security threats, trying to trick you into downloading malicious code and handing over your credit card details.

As Fraser Howard recently described on the SophosLabs blog, victims are redirected a number of times upon visiting from a search engine, before being taken to a webpage hosting a malicious script.
Sophos detects the malicious scripts as Mal/FakeAVJs-A, and the fake anti-virus itself as Troj/FakeAV-AXS.
Fake anti-virus attacks (also known as scareware) are nothing new, and it’s very common for hackers to exploit hot topics in an attempt to bring a steady stream of traffic to their infected webpages.
By Graham Cluley, Sophos
Video of Twitter phishing: The BZPharma ‘LOL this is funny’ attack (Video)
February 24, 2010 by admin
Filed under Security Channel
Twitter users are being warned about a widespread phishing attack spreading across the system, designed to steal the usernames and passwords of unsuspecting members.
Messages include
Lol. this is me??
lol , this is funny.
Lol. this you??
followed by a link in the form of
http://example.com/?rid=http://twitter.verify.bzpharma.net/login
where ‘example.com’ can vary. As we have seen many variations of the URL in its entirety, you would be wise to avoid clicking on any links which refer to bzpharma.net at the very least.
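A link filter for the URL pattern described above, as an added example that is not part of the original article: it unwraps URLs nested in query parameters (such as `rid=`) and checks every host it finds against bzpharma.net. The brand allow-list, the function names and the sample inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# The one domain named in the article.
BLOCKED_DOMAINS = {"bzpharma.net"}
# Constructed allow-list: brand label -> domains that legitimately carry it.
BRANDS = {"twitter": {"twitter.com"}, "bebo": {"bebo.com"}}


def host_in(host, domains):
    """True if host equals, or is a subdomain of, any entry in domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def embedded_urls(url, depth=3):
    """Yield url itself plus any http(s) URLs nested in its query parameters."""
    yield url
    if depth == 0:
        return
    # parse_qsl percent-decodes values, so encoded nested URLs are unwrapped too.
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if value.lower().startswith(("http://", "https://")):
            yield from embedded_urls(value, depth - 1)


def check_link(url):
    """Return the reasons a link matches the phishing pattern (empty if none)."""
    reasons = []
    for candidate in embedded_urls(url):
        host = (urlsplit(candidate).hostname or "").lower()
        if host_in(host, BLOCKED_DOMAINS):
            reasons.append(f"blocked domain: {host}")
        for brand, legit in BRANDS.items():
            # A brand name used as a hostname label on someone else's domain.
            if brand in host.split(".") and not host_in(host, legit):
                reasons.append(f"'{brand}' label on unrelated host: {host}")
    return reasons


if __name__ == "__main__":
    samples = [
        # Form quoted in the article (the outer host varies).
        "http://example.com/?rid=http://twitter.verify.bzpharma.net/login",
        # Constructed: same target, percent-encoded inside the parameter.
        "http://example.org/?rid=http%3A%2F%2Ftwitter.verify.bzpharma.net%2Flogin",
        # Constructed: a genuine login link, which should not be flagged.
        "https://twitter.com/login",
    ]
    for link in samples:
        print(link, "->", check_link(link) or "no match")
```

Matching on the nested host rather than the outer one is what keeps the check working when ‘example.com’ changes from message to message.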
Watch this YouTube video for more details:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Although Twitter has urged users to be vigilant about the threat being distributed via private direct messages, it’s clear that dangerous links are also being posted in public feeds. This means that you can stumble across the links even if you aren’t sent it directly, or even if you are not a signed-up user of Twitter.
It appears what is happening is that the messages are being shared more widely because of third-party services like GroupTweet which extend the standard Twitter direct message (DM) functionality and allow private messages to be sent to multiple users *and* optionally made public.
As a result, as you can see in the video above, we have found Twitter accounts that have warned their followers about the phishing attack, only to subsequently fall victim to it themselves!
Regardless of how you come to click on the dangerous link, if you do enter your username and password on the fake Twitter login page your details will be phished and placed in the hands of hackers.

The page then displays a “fail whale” screen, claiming that Twitter is over capacity, before taking you back to the real Twitter main page. As a result, compromised Twitter users may not realise that their login details have been stolen.
Interestingly, the bzpharma.net site doesn’t just appear to have been set up for Twitter phishing. It appears to also have been created for stealing the online identities of the Bebo social networking site too:

If you have been tricked by the phishing attack and accidentally handed over your username and password, change your password immediately.
We’re going to see many more attacks against social networks in the future I’m afraid. Last month, Sophos published its Security Threat Report revealing that there had been an astonishing 70% rise in the number of users reporting spam and malware attacks via social networks in the last year.
Update: The phishing campaign appears to be bearing fruit for the hackers as they are now distributing spam selling herbal viagra from the compromised accounts. Learn more now.
By Graham Cluley, Sophos
Top 10 Ways Viruses Spread to Computers
September 1, 2009 by Manoj
Filed under Security News

Most people these days understand what a virus is and how harmful it can be, but they are still somewhat unsure how computer viruses spread. The truth is that there are dozens of different ways in which a virus can spread from computer to computer, but let’s take a look at the most frequent ways in which people run into viruses, spyware and Trojans on the Internet.
1. Email attachments: The golden rule is that if you don’t know what an attachment is, don’t open it. You don’t have to take such drastic steps to protect yourself, however; simply use common sense when opening attachments in your email.
2. Rogue Websites: It is depressing to know that you may become infected with spyware or a virus by doing nothing more than simply visiting a website, but it is true. Many adult websites, gambling websites and other less than trustworthy websites will attempt to automatically access your computer when you visit them. They often install adware bugs that will cause a flurry of pop-ups to appear on your screen. To stop these rogue websites, adjust the settings on your antivirus software and firewall so that no outside connections can be made and no programs can be installed without your express permission.
3. Networks: If your work computer is part of a larger network, you may find yourself with an infection through no fault of your own. Someone else on the network downloaded a bug by accident, and within minutes, the entire network could be infected. There isn’t much you can do to stop these kinds of infections, short of having your network administrator ensure that everyone’s antivirus software is up to date so that the invading bug can be removed as quickly as possible.
4. Phishing Schemes: Learning how computer viruses spread is important to keep yourself, and your personal information, safe online. Phishing schemes are one of the chief ways in which people end up with their identity stolen and a computer full of viruses. A phishing scheme starts when you receive an email from a website claiming to be your bank or credit card company. You are asked to click a link and log in, but the truth is that you’ve just given away all of your personal information. Oftentimes, when you visit these sites, spyware, adware and viruses are automatically installed on your computer. The smartest thing you can do is to simply call your bank or credit card company if you receive an email saying there is a problem with your account instead of blindly following links in your email.
5. Infected Software: One of the great things about the Internet is how many free games and programs there are out there, but these free programs often come at a price. Too many rogue websites intentionally infect their freeware (like Kazaa) with trojan viruses so that you unknowingly infect your computer every time you download a free game or piece of software. The key here is to only download freeware or shareware from a trusted source like CNet that always ensures your safety.
6. Hackers: The Internet today is a much more law abiding place than it was ten years ago. Not only did most people not have antivirus protection and firewalls that could stop incoming attacks, most people didn’t even know what they were. Today, people understand the value of good online protection, but hackers can still pose a problem if you allow your protection software to lapse. The best way to beat hackers is to ensure that you have a firewall and up to date antivirus software.
7. Instant Messaging: It is difficult to find a computer in this day and age that doesn’t have at least one instant messaging service installed on it. Unfortunately, these programs are often targets of hackers who see an easy way to trick people into clicking links that lead them to rogue websites. Common sense can keep you out of trouble, however. Only chat with people you know and never follow links to sites that you don’t recognize. You should easily be able to keep Internet worms, viruses and other bugs at bay.
8. Fake Anti Virus Software: This is one of the most frustrating ways to become infected with a virus or worm. There are dozens of anti virus and anti spyware programs you can download for free on the Internet and a surprising number of them actually do exactly the opposite of what they claim. The product websites make outrageous claims that their product can protect you from a whole range of threats, when, in reality, their product will only make things a thousand times worse. Only download antivirus programs from trusted sites or from websites that you know are completely legit.
9. Mobile Devices & External USB Devices: Mobile phones can be infected via Bluetooth transfers and the like. When you connect the phone to your computer, those viruses can affect it, and the same applies if you connect an infected external USB flash disk or hard disk. Keep antivirus software on your mobile as well. Keep your antivirus software up to date at all times and you should be able to wrestle control back from any Internet bug.
10. Friends and Relatives: The social networking site Facebook has had to battle this very problem when their servers get a bug and automatically send out emails to everyone on the system that are infected. Oftentimes, these emails are extremely generic sounding and come with suspicious attachments, but people often open them anyway since they have come from a friend or from a site they trust, like Facebook. Remember, if you get an attachment with an .exe extension or a .dll, don’t ever open it.
Learning how computer viruses spread is the best way we can put an end to their reign of terror online. It is only with the right knowledge and the best antivirus software that Internet users everywhere can beat online bugs for good.













