Facebook Continually Plagued with Malware and Scams

Tuesday, April 05, 2011



Last week Facebook's security team mitigated a vulnerability caused by inadequate JavaScript validation, which allowed attackers to post messages on the profile wall of any logged-in Facebook user who happened across an infected webpage.

The messages posted to their profile walls contained links to infected sites, which caused the worm to spread rapidly across the network.

This week the social network's team is faced with controlling the damage from a few more attacks targeting members, the largest of which is a Photoshop image scam that is spreading through the network at tens of thousands of clicks per hour.

According to an article in the Register UK, "An estimated 600,000 people have already clicked onto the link, which falsely promises to show them a funny Photoshopped image of themselves. In reality users install a rogue application which sends messages to their contacts via the social network's IM feature, thus continuing the infection cycle."

Luckily, no malware has been detected as being spread in the operation - yet.

Another group of scams cited in the Register UK article has been present for some time: rogue applications that promise to let members see stats about how often their Facebook profiles have been viewed, and by whom. These scams are usually phishing expeditions aimed at collecting data from members that is not available on their profiles.

While Facebook in particular has seen an unrelenting barrage of assaults against the network's membership, the use of social networks as cyber attack platforms in general has also increased dramatically.

The attractive features that make social networking fun and dynamic are also the primary mechanisms cyber criminals are exploiting to spread malware and perform social engineering operations.

Symantec's latest Internet Security Threat Report (ISTR) Volume 16 states that "one of the primary attack techniques used on social networking sites involved the use of shortened URLs... In a typical scenario, the attacker logs into a compromised social networking account and posts a shortened link to a malicious website in the victim’s status area. The social networking site then automatically distributes the link to news feeds of the victim’s friends, spreading the link to potentially hundreds or thousands of victims in minutes."

In February, Facebook fixed a major privacy vulnerability that allowed users to unwittingly spread malware to their contacts and gave malicious websites access to private account information.

Facebook also battled two malware strains that were quickly making the rounds on the social network.

Asprox.N was distributed through spoofed emails that appeared to be a message from Facebook stating that the user's account had been used for spam distribution and that the account's login credentials had been changed for security reasons. The file actually contained malicious code designed to enlist the victim's computer in a mass spam campaign.

The other exploit was Lolbot.Q, a malicious hotlink dispersed via instant messages. When a victim clicked the link, malware designed to hijack their Facebook account was downloaded, and the user was then locked out of their profile.

Targets were then lured with the promise of prizes if they filled out a questionnaire that included providing their cell phone number, and were told that doing so would reactivate their Facebook account.

Both exploits played on the probability that targets would go to unusual lengths to regain access to their coveted Facebook accounts without first stopping to question the nature of the instructions they had received.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.