Malicious hackers use Facebook Wall for malware attack
Facebook users are being targeted by malicious hackers through postings on the popular Wall section of the social-networking site, security company Sophos said Thursday.
The Wall, a core feature of Facebook profile pages, is used by members to leave each other messages that, in addition to text, can also contain photos, videos, music and links to Web sites.
The malware attack comes in the form of a Wall message supposedly posted by a friend that urges members to click on a link to view a video on a Web site supposedly hosted by Google, said Graham Cluley, senior technology consultant for Sophos.
However, the link takes users to a Web page that isn't hosted by Google, where they are told they need a new version of Adobe's Flash player and are urged to download an executable file to watch the video.
The file is really a Trojan horse, Troj/Dloadr-BPL, that funnels other malicious code detected as Troj/Agent-HJX into users' machines. Once it has done that, it displays an image of a court jester sticking his tongue out.
While on the surface this might seem a practical joke from a friend, in reality it means the PC has been compromised and malicious hackers have gained control over it to use it for a variety of purposes, such as sending spam or distributing malware. "They now own your PC," Cluley said.
Malicious hackers have been employing this malware distribution technique for many years in e-mail messages, so many users know to avoid these traps. However, people may be less vigilant in more closed and controlled environments such as social-networking sites.
For example, in this case, the malicious Wall message is masked as coming from someone on the user's list of Facebook friends, increasing the likelihood that the link will be clicked on. "Be very suspicious of Wall postings asking you to click on a link to go watch a video," he said.
The friend whose name appears with the video has had his PC or Facebook account compromised in some way that lets malicious hackers perform actions without the friend's knowledge. It's possible that the affected friend previously fell for the "court jester" trap, and his PC and Facebook accounts are being used to propagate the scheme, he said.
The attack is the latest in a rising trend of malicious hackers using social-networking sites to distribute malware. These sites offer an attractive distribution channel because people feel safer and are more willing to follow links and perform actions if they think a friend is urging them to do so. In fact, it could be a malicious hacker posing as a friend,