Monthly Archives: April 2011

Facebook comment-jacking? OMG! I Can’t believe JUSTIN Bieber did THIS to a girl

It’s starting to seem like Facebook can’t win against those who wish to use their service to scam, spam and simply cause trouble. Over the last day or so, a new type of attack has been spreading using the phrase “OMG! I Can’t believe JUSTIN Bieber did THIS to a girl”.

It leads to a page asking you to verify a simple math problem to “prevent bots from slowing down the site”. In actuality, it is another clickjack-type scheme in which you are asked to type the answer into a box.

Comment-jack security check

It doesn’t matter what you type, because it’s a social engineering trick. What you are actually typing is a comment that is used to share the link with your friends on Facebook. You can see the tooltip that says “Add a Comment” in the screenshot.

This bypasses Facebook’s recent attempt at detecting likejacking fraud. Links you comment on are not using the same mechanisms that Facebook is monitoring when you click “Like”.

Many moons ago, the first Facebook attacks started with illegitimate applications asking for permission to access your wall and spread their messages by spamming your friends through wall posts. While this worked well, it was a bit easy for Facebook to track down and remove the bogus apps.

Early in 2010 we saw the first attempts at likejacking. This technique involves layering one image over the top of a Like button and tricking the victim into clicking something that appears to play a video or a continue button, when in fact they are clicking the Like button hidden underneath.

Facebook Bieber scam wall post

More recently we have seen the attackers trying lots of new techniques. In the past few months we have seen them tagging people in photos they are not in to get you to click, inviting people to fake events and even making you an administrator of a Facebook page that isn’t yours.

While protecting yourself may not be as simple as not clicking anything that says “OMG!”, that isn’t a bad start. Be skeptical, understand that messages from your friends may not in fact have been sent to you willingly, and if you are really tempted to click, take a short timeout to conduct a Google/Bing search.

As of the time of this writing some of the YouTube videos this scam leads to have been removed by YouTube. However, one video that is still working has over 525,000,000 views since February and thousands of comments in the last 24 hours — in other words, since this Facebook scam has been making the rounds.

To stay up to date on the latest threats, follow us on Facebook. For advice on how to configure your profile to protect your privacy, check out these recommendations for Facebook settings.

Source :- http://nakedsecurity.sophos.com


Banned Lady Gaga video attack spreads on Twitter via rogue app

Watch out for tweets about a banned Lady Gaga video, currently spreading across the Twitter network.

The tweets are being posted by rogue applications that users are allowing to access their profiles in the belief that they will get to view a prohibited video of Lady Gaga.

Tweet promoting banned Lady Gaga video

VIDEO PROHIBIDO LADY GAGA banned [LINK] @shakira @ladygaga como ganar dinero facil

(Please note that the precise wording can vary)

If you make the mistake of clicking on the link you are taken to a fake YouTube webpage.

Fake YouTube page

Of course, you believe that you’re going to watch a banned video of Lady Gaga so you might very well click on the play button.

Doing so, however, asks you to grant permission to a third party app which wants to connect with your Twitter account.

Rogue Twitter application

Don’t, whatever you do, give it permission to continue. Because if you do, your account can now be accessed by third parties – who will be able to post messages in your name to all of your followers.

Hopefully the fact that the messages we have seen so far have all been in Spanish may reduce the impact of this particular attack.

Interestingly, it seems that Lady Gaga herself has been having trouble with these Twitter hackers.

The eccentric songstress, who has more followers on Twitter than anyone else in the world, posted a message yesterday saying:

Whoever is hacking my Twitter must answer to 10 million monsters and Twitter police. #Don'tMakeMeCallTheApostles


Although the singer quickly deleted the rogue tweets that had upset her so much from her page, I was able to discover them cached elsewhere on the net:

TAROT de shakira [LINK] clarividente de @shakira #horoscopo ganar dinero navegando

and

VIDEO PROHIBIDO LADY GAGA @ladygaga [LINK] ganar dinero navegando

The bit.ly links used in the messages posted to Lady Gaga’s Twitter page linked to the same fake YouTube page, and were created by the same person who appears to be behind the rogue application attack.

Is it possible that Lady Gaga, or the staff who manage her Twitter account, fell for the scam themselves? And that’s why the rogue message appeared on Lady Gaga’s Twitter page?

Lady Gaga has over 9.6 million followers on Twitter, making her the most popular person on the network (yes, beating even Justin Bieber..) and a prize goal for any scammer who wants their scammy spammy links to be spread to as wide an audience as possible.

If you were unfortunate enough to grant a rogue application access to your Twitter account, revoke its rights immediately by going to the Twitter website, visiting Settings/Connections and revoking the offending app’s rights.

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

If you’re on Twitter and want to learn more about threats, be sure to follow Naked Security’s team of writers.

Source :- http://nakedsecurity.sophos.com

The Social Media Buzz Behind the Royal Wedding

With hours to go until the Royal Wedding, online buzz surrounding the big event has surpassed the chatter that surrounded the Egypt uprising and the Japan earthquake.

New stats gathered and analyzed by Webtrends reveal that the world simply can’t stop talking about the Royal Wedding (not that you needed us to tell you). According to the web analytics company, people have sent 911,000 tweets in the last 30 days, or just a little more than 30,000 tweets per day, which accounts for 71% of the buzz Webtrends tracked. For comparison, there were approximately 217,000 Facebook status updates and 145,000 blog posts about William and Kate’s big day.

And while you may think most of the social buzz surrounding the royal nuptials is coming from the U.K., think again. Webtrends says that a whopping 65% of tweets, blog posts and Facebook updates are coming from the U.S., while 20% are coming from the UK. Canada is in third place with a mere 2.6% of social media buzz. This matches stats from Nielsen, which also says that the U.S. is the #1 source of Royal Wedding chatter.

Check out the infographic if you want to see the rest of the Royal Wedding stats:

Note: this infographic is split into two parts.

For Students, What Is the “Facebook Effect” on Grades?

Social media has several effects on academic work— some more positive than others. But what is social networking’s overall impact on college students’ performance?

According to data gathered from several sources by OnlineEducation.net, Facebook and Twitter are used to great benefit — sometimes. Students welcome online engagement and resources; around 75% of student respondents said they’d like to do some online collaboration for class, in fact.

Also, social media may have a positive impact on students’ sense of themselves in the community. Social media-using students were twice as likely as other students to feel well-liked by their peers and to participate in extracurricular activities. And 20% more of Facebook-using students (as compared to students who didn’t use Facebook) said they felt connected to their school and community.

However, negative effects abound. Students who use Facebook and hit the books simultaneously found their multitasking led to 20% lower grades than those of their more focused peers. Facebook-using students also made less money during school from part-time work, putting in around five hours per week as opposed to 16 hours per week for a typical, unplugged counterpart.

Not only do grades and finances suffer, but students might actually end up feeling more depressed or lonely. Almost half of students believe they are sadder than their friends on Facebook, and 25% of college students have shown signs of severe depression in their status updates at one time or another.

In a word, the results are inconclusive. But with around 96% of all college students on Facebook, only the most dedicated academics would consider giving up social media for a slightly better GPA.

In the comments, we’d like to know what impact social media had or has on your academic work. And if your college career pre-dates social media, how do you think college is better or worse because of Facebook?

Source -: http://mashable.com

Royal Wedding Chatter Amps Up on Facebook, Twitter [STATS]

One hardly need look at the numbers to know that talk of the Royal Wedding is accelerating rapidly ahead of the April 29 event. The numbers are nevertheless enlightening, especially in light of where and among whom conversations about the Royal Wedding are occurring.

News stories (as indexed by Bing) are up nearly sevenfold to 7 million per day since the beginning of the month. Blog posts have more than doubled from 46.7 million on April 5 to 102.9 million, according to data obtained from Trendrr.

According to Nielsen, the Royal Wedding has made up more than 0.3% of all news coverage in the U.S. since the engagement was announced. YouTube videos tagged with top Royal Wedding-related keywords (Royal Wedding, Kate Middleton, etc.) have grown more than 10 times from 37.5k per day to 460k per day.

Perhaps the most amusing is the rise in Royal Wedding-related eBay auctions, up from 7,435 in mid-February to more than 400,000 this week.

Just as with the U.S. media, more of the American public is talking about the Royal Wedding than their U.K. counterparts. 40% of Royal Wedding-related, English language tweets originate from the U.S., followed by the UK (31%), Canada (8%), Australia (6%), Indonesia (4%) and India (3%), Trendrr finds.

Interestingly, on a per capita basis, most tweets are originating from small American towns, such as New Haven, CT; Lubbock, TX; and Tulsa, OK, rather than big cities.

Overall, tweets about the Royal Wedding have quadrupled since the beginning of the month, averaging nearly 5,000 per hour over the last week and accelerating quickly in recent days. Sentiment has been mixed; 46% of tweets are positive, 43% are neutral and 12% are negative.

A Trendrr spokesperson says that the data has been difficult to track because of the volume and range of topics related to the wedding. The data doesn’t include, for instance, mentions of Kate’s ring, because tweets with the keywords “#Kate” and “ring” don’t necessarily refer to Kate Middleton. Including them would “spoil the data pools,” he said, meaning that actual discussion related to the event is undoubtedly much greater.

Thumbnail courtesy of Flickr, The British Monarchy

Source  -: http://mashable.com

Friendster Gets A Major Makeover.

Log on to Friendster today and you’ll see a background image that says ‘Watch this face! … on December 4’. Turns out the pioneering social network is in for a major revamp tomorrow, including a new logo, tagline (“Connecting Smiles”) and an entirely fresh look.

Friendster outlines some of the changes in a video (embedded below), in which it calls out other social networks (*cough* Facebook and *cough* MySpace) for being plain and boring.

My absolute favorite part of the video: “I mean, if everyone’s there, woop de doo”.

Friendster in the clip says the redesign aims to place more emphasis on 3 pillars: Simple, Fun and Personal. The company also features glimpses of the new website lay-out, which looks a whole lot like Facebook in my opinion, but seemingly mixed with the customization capabilities of MySpace (e.g. it looks like you can change the background color of pages with a single click). Apologies for the blurry screenshot, but watch the video to see it in action.

Friendster, founded in 2001, has raised over $45 million in venture capital to date, and is sitting on some potentially lucrative IP. It’s no longer hot in the U.S. any way you look at it, but it’s most definitely still a big deal in the Asia/Pacific region.

So much so that last year the company appointed Richard Kimber as its new CEO (he used to head Sales and Operations in South East Asia for Google) and has openly started shopping itself to potential buyers in the region over the Summer.

Source :- http://techcrunch.com

Facebook Launches ‘Send’ Button For More Selective Sharing, Announces 50 Million ‘Groups’


Facebook’s increasingly ubiquitous ‘Like’ button is getting a new friend: the Send button. Click on a webpage that has the Send button integrated, and you’ll be prompted to share it with any of your Facebook Groups, your Facebook friends, or any standard email address. In other words, where the Like button is designed to let you quickly share content with all of your Facebook friends, the Send button is for sharing with a subset of them.

Site designers are groaning right now (they have yet another sharing widget to integrate), but it’s a logical step for Facebook — there are certainly times when you want to share links with a handful of friends instead of your News Feed, and this gives you one less reason to fire up your non-Facebook email account. 50 sites are launching with the feature.

In addition to the new Send button, Facebook is adding a handful of features to its existing Groups product, which was overhauled last October. First is the introduction of photo albums for Groups. Before now it’s been possible to upload a single photo to a group, and now you’ll be able to upload a whole set. These photo albums are unusual because they’re walled within the Group — only other group members will be able to see them (even tagged photos aren’t visible to people on the outside).

The second addition is integration with Facebook Questions, which re-launched last month. Now you can pose a question that’s contained within the group.

Finally, and most important, is a new setting that will require Group administrators to approve any new members who have been invited to join the group. Up until now anyone within a Facebook Group was able to invite any of their friends (the idea was that you’d be violating the ‘social contract’ if you started inviting people who didn’t belong). But now Facebook recognizes that there are some groups that should be more private, so you can require admin approval.

Provided it gets broad distribution (which seems a given), the Send button will probably lead to a boost in Groups usage. It’s always been easy to share links within Groups, but this lowers the bar even further because you don’t have to leave the page you’re reading — you can imagine people using the button to share book reviews with their book club, close friends sharing new ideas for travel destinations, and so on.

And while ‘Send’ may not sound especially exciting given how long other sharing widgets have been around, this is yet another step in Facebook’s mission to reinvent email with their own “modern messaging system”, as CEO Mark Zuckerberg called it. One by one, they’re integrating easy ways to complete tasks that have traditionally been done over email. Today’s launch — sending links to friends — is obviously a huge one, and you can be sure they have others in the works. One other email-replacing feature I’ve heard about (though I’m not sure they’re still working on it): a way to send a structured poll to a subset of your friends.

Facebook says that there are now 50 million Facebook groups, and while not all of these are active, it says that the majority of them are.

Source :- http://techcrunch.com

Spam from your Facebook account? Malware attack poses as official warning

Cybercriminals are adopting a new disguise, following last week’s “Facebook password changed” malware attack.

Computer users are discovering malicious code has been sent to their email inboxes, pretending to be a notification from Facebook that their social networking account has been used to send out spam.

Spam is sent from your FaceBook account

A typical message reads:

Dear client

Spam is sent from your FaceBook account.

Your password has been changed for safety.

Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.

Please do not reply to this email, it's automatic mail notification!

Thank you.
FaceBook Service.

The attack would, perhaps, be a little more successful at fooling more people if it had gone through a grammar check and if the perpetrators had paid more attention to the fact that it’s spelt “Facebook” not “FaceBook”.

Nevertheless, there are doubtless some computer users who might be tempted to open the attached ZIP file and infect their computers with malware.

We’ve seen similar attacks before, of course – and I imagine that cybercriminals will continue to use ruses like this when spreading their malware. Plenty of people are hooked on Facebook, and a message telling them that their password has been reset is likely to send them into palpitations and they may open the unsolicited attachment without thinking.

After all, it’s not as though spam being sent from Facebook accounts is unusual.

If only more people realised that they cannot trust the “from:” address in an email, as it is so easily forged. In this case it presents itself as being from "Facebook Help", but in reality it could just as easily be a Hungarian hacker, a Finnish fraudster or a Serbian scammer who initiated the widespread spam attack.
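The point about the forgeable “from:” address can be turned into a mail-triage check. The following Python is an added example, not code from the original article or from Sophos: it flags a message whose display name claims a brand that the address does not belong to, whose From domain was not authenticated by SPF or DKIM, or which carries a risky attachment. The sample message, its addresses and attachment name, and the list of legitimate Facebook sending domains are assumptions made for the illustration.

```python
import email
import email.policy
import email.utils
import re

# Assumption: domains the impersonated brand legitimately sends mail from.
BRAND_DOMAINS = {"facebook": {"facebook.com", "facebookmail.com"}}
RISKY_EXTENSIONS = (".zip", ".exe", ".scr", ".js")
# Captures domains that passed SPF or DKIM in an Authentication-Results header.
AUTH_PASS = re.compile(
    r"\b(?:dkim=pass\b[^;]*?header\.d=|spf=pass\b[^;]*?smtp\.mailfrom=)"
    r"(?:[^\s;@]*@)?([\w.-]+)", re.I)

# Constructed sample modelled on the quoted message; every address, host name
# and the attachment name are invented for illustration.
SAMPLE = """\
Authentication-Results: mx.example.org; spf=none smtp.mailfrom=mailer.example.net; dkim=none
From: "Facebook Help" <help@notices.example.net>
To: user@example.org
Subject: Spam is sent from your FaceBook account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear client

Spam is sent from your FaceBook account.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="new_password.zip"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def in_domains(domain, allowed):
    """True if domain equals, or is a subdomain of, one of the allowed domains."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def triage(raw):
    """Return a list of reasons the message should not be trusted."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    findings = []
    display, addr = email.utils.parseaddr(str(msg.get("From", "")))
    from_dom = domain_of(addr)
    # 1. The display name claims a brand, but the address is outside its domains.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and not in_domains(from_dom, domains):
            findings.append("display-name-brand-mismatch")
    # 2. No SPF/DKIM pass covers the From domain (simplified alignment check).
    #    Only trust Authentication-Results added by your own receiving server.
    passed = {d.lower() for h in msg.get_all("Authentication-Results", [])
              for d in AUTH_PASS.findall(str(h))}
    if not any(in_domains(from_dom, {d}) for d in passed):
        findings.append("from-domain-not-authenticated")
    # 3. Unsolicited archive or executable attachment.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append("risky-attachment:" + name)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The second check is the one that matters when the forger uses the brand's real address in the From header: the display name and address then look correct, and only the missing SPF/DKIM pass gives the message away.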

Sophos products intercept the attack as Mal/BredoZp-B.

If you are one of those many people who can’t get enough of Facebook in their lives, you can stay informed about the latest scams by joining the Sophos Facebook page, where more than 70,000 people regularly share information on threats and discuss the latest security news.

Source :- http://nakedsecurity.sophos.com/2011/04/19/spam-from-your-facebook-account/

Facebook Scam: Fake Event Invitation Claims To Show Who Viewed Your Profile

Another day, another Facebook profile scam.

This latest con, promising a peek at who has viewed your profile, is spreading via an event invite titled “WOW Now you can see anyone who looks at your profile!”

The invitation includes a link to a page that resembles a Facebook event page. Here, instructions guide you through copying and pasting a piece of JavaScript into your browser’s address bar, which you definitely don’t want to do.

Clicking the event’s “I’m Attending” button–don’t!–will likely push the scam to your friends’ news feeds.

In addition, an equally unsafe how-to video on getting free Facebook credits is embedded at the bottom of the phony page.

These kinds of Facebook scams surface frequently, sometimes as fake apps, other times as spammy Wall posts or instant messages. As usual, you should be wary of any Facebook event, app or message that promises to reveal who is looking at your profile.

If you’ve accidentally clicked on this invite, we recommend you remove all traces of the event from your news feed and wall, and double check your Facebook app settings.

Source : http://www.huffingtonpost.com

Gmail enables Sending emails in Background

Shows warning in case of any error to fix it

Google’s Gmail Labs is known for making nifty tweaks to the email service and thereby making it more efficient. This time, Google has added a new Background Send feature in Gmail Labs that lets users carry on with other tasks while their emails continue being sent in the background.

The new Background Send feature can be enabled from the Gmail Labs options available in Settings. Once you’ve enabled it, all you have to do is hit Send after you’ve composed an email and then carry on checking other emails.

There is one important condition: the browser tab/window needs to be active while the email is being sent. That means you need to be logged in and must have an active connection. Enabling Background Send, hitting the Send button and then simply shutting down the PC or Mac won’t guarantee that your mail has been sent.

If the recipient’s address is not correct, or if there’s any other issue while sending an email in the background, Gmail will show a warning message on top of your Inbox. The warning message will offer you the option to fix it instantly or fix it later. When a message is dispatched successfully, the user will see the text “your message has been sent” just above the Inbox.

What we can notice here is that, slowly, Gmail is acting like a proper application with background sending of messages. Though it’s not much of a visual effect, it’s still quite an implementation.

Source :- Techtree Blog
