RSS Alerts

Related Links

Related Stories

  • Facebook users plagued by rogue application
    Facebook was plagued by security and privacy issues both real and imagined in the last week, as a real-life worm battled with an imaginary one in a competition to see which could petrify the service's users the most.
  • Websense protects Facebook users against malware
    Websense has relaunched a spam protection service with a new feature set that protects Facebook users against malware.
  • Facebook bolsters online safety efforts
    Facebook is trying to quash concerns over the privacy and safety of its online users, by pulling together several advocacy groups to form a safety advisory board.
  • Facebook hits back at hacked Groups claims
    Facebook hit back at a grassroots digital privacy group this week, after it criticized the social media giant's handling of its Groups functionality. Control Your Info, a group hoping to highlight information privacy flaws in social media applications, revealed that it is possible for anyone to take over ownership of a Facebook group that has no administrators.
  • Searching for Security
    With more than 30 000 web pages being compromised every day, search engine results could increasingly lead to malware infection. Kari Larsen asks what the search engines are doing to mitigate security threats, and how users can protect themselves

News

Facebook users subject to yet another malware attack

12 March 2010

Researchers from web security firm Websense warned Facebook users earlier today to refrain from clicking on URLs posted on the pages of some famous celebrities – or even people on their friend list – as links to alleged videos were actually portals to malware infection.

Facebook members were subjected to malicious URLs posted on the wall of some of the service's most famous users, including Justin Timberlake, but the very same compromised links were spread from thousands of members across the social networking service, propagating by the second before the command-and-control server spreading the malware was taken offline during the day. According to Websense, Facebook members who clicked on the URLs would likely have their machines infected by malware, as only about 14% of the top anti-virus engines were able to detect the infection.

Patric Runald, senior manager for security research at Websense, told Infosecurity that the installed malware would steal a user’s Facebook username and password, log into the user’s account, and then begin to spread the malicious link by posting messages to group and user walls and via messages to friend/group lists.

In the case of Justin Timberlake’s Facebook page, more than two million fans have signed up to follow the postings. Once accounts like these were compromised, it’s easy to see – via Websense’s video evidence – how the malicious link was able to spread so rapidly across the service, literally by the second.

Runald added that links to the supposed videos had an accompanying message indicating that the recipient was in the video and to click on the link to view it. This was the vehicle through which this ruse was spread so easily across Facebook.

“Be aware of any links that talk about videos, that point to a website that looks semi-suspicious”, said Runald. However, he now assures that the threat is no longer active, as Websense promptly notified Facebook of the scam, and the site hosting the malicious content was taken offline.

To prevent possible infections from future scams, Runald told Infosecurity that Websense offers a free Facebook application called Defensio to monitor for malware and other malicious content on a user’s page. It can be installed for free on any user’s profile, both in a personal or corporate setting.

 

This article is featured in:
Application Security Internet and Network Security Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water