ESET Warns of New Worm Connected with a Multi-level Criminal Attack Involving Stolen Credentials and Spammers
Anti-virus and threat protection company, ESET, has reported that there may be a new worm circulating on Facebook. As reported on IrishDev.com (more) just two days ago, the attack comes in the form of an Instant Message (IM) popping up from a Facebook friend.
ESET's Director of Technical Education, Mr. Randy Abrams, explained that a contact of his had received an Instant Message from a friend on Facebook that said "Hey i just made myself a cartoon omg lol ill show you but you gotta do urs too."
The IM also included a link to a web site that claims to let you upload a picture, which it will turn into a cartoon for a fee. Randy's contact did not click on the link. The friend who appeared to have sent the IM did not send it either, but had clicked on the same message when he too received it from a friend.
Randy said: "At the very least this is an IM spam attack, but it isn't clear if it is in conjunction with a worm. It may turn out that it is not a worm but another type of attack that involves multiple levels of criminal organizations.
To begin with there are stolen credential attacks. The two primary ways that a crook steals a Facebook account are by phishing for the information and by guessing the username and password. If you use the same password at Facebook that you used on another site and you got phished for another site then the odds are the bad guys will get your Facebook or MySpace or other social networking accounts."
Randy explains that criminal organisations are, to some degree, being aided by the privacy laws in Holland. The stealing of account credentials is the first level of crime; next come the spammers, who use the stolen accounts to send email or instant messages.
"In the Facebook case we are following it could be a case of stolen credentials but there are signs that clicking on the IM causes your Facebook account to IM your friends. The IM is for spam and contains a link. The link goes to a web site registered in Holland."
Because of Holland's privacy laws, ESET is unable to find out who owns the domain, and Randy adds that as long as crooks can hide the ownership of domains we will have a much rougher battle against cybercriminals.
It is possible that the level of crime stops at the spammer, who is probably being paid to direct traffic to a web site. The operators of the site receiving the traffic may not know that the spammer is using unsavory tactics to redirect. After clicking on the link in the IM there are at least redirects before you arrive at the site that lets you turn your picture into a cartoon. To share the cartoon you have to sign up for a service that costs $9.99-$19.99 per month. The terms of service indicate that text messaging capability is required for all services.
This may be a legitimate, if over-priced, web site; however, there are still more potential levels of crime here. By signing up, your cell phone might start automatically calling premium rate phone numbers. Your credit card details could additionally be sold to other criminals.
It is not uncommon for people to have their credentials stolen, thereby allowing a hacker to access their email and social networking accounts. For this reason you must take extra precautions: when a friend sends you a link, verify that it really was the friend who sent it.
Randy concludes: "One wrong click and you may spam all your friends. If the link directs you to download or run a program be even more wary. Always exchange a message or two and ask if they really did send you the link. If they say "no" then you know it is a problem."
Meanwhile, ESET competitor Sophos has today warned Facebook users to be on their guard against a hoax about passing on a virus to their friends. The company says that many users are currently forwarding inaccurate advice, warning others to beware of a "virus" that claims a girl killed herself over a post her father made on her Facebook wall.
The text of the warning reads as follows:
"WARNING: THERE IS A VIRUS GOING AROUND AGAIN, IF YOU SEE A GIRL WHO KILLED HERSELF OVER SOMETHING HER FATHER WROTE ON HER WALL DO NOT OPEN IT, IT IS A VIRUS AND IT WILL NOT ALLOW YOU TO DELETE IT, PLEASE PASS THIS ON BEFORE SOMEONE OPENS IT. (IT IS A SELF REPLICATING TROJAN)"
However, the alerts are inaccurate, and members of the public are inadvertently spreading the hoax in the belief that they are helping Facebook friends to avoid the threat from a non-existent virus infection.
Graham Cluley, senior technology consultant at Sophos said the hoax is rapidly spreading across the social network: "Ironically, the bogus warning about the virus is spreading faster and wider, and is probably more of a nuisance, than a genuine malware outbreak. The situation has been complicated by cybercriminals creating Facebook pages that pretend to offer pictures of the girl's Facebook wall, but are really designed to generate money by sending unsuspecting users to online surveys."
"Facebook users should always check their facts with a reputable source before sharing a virus warning with their online friends," continued Cluley. "Scares like this can cause users to panic unnecessarily, and may mean that the public takes genuine virus outbreaks less seriously."
Image Courtesy of http://anthonygeoffroy.deviantart.com/