Blog Archives

Visit the New Facebook? Hacker warning spreads like wildfire on social network

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Facebook users are posting warnings to one another about a hacker operating on the network, using the offer to “Visit the new Facebook” to break into pages and kick out the page’s legitimate administrators.

Unfortunately the alerts do not include enough information to be useful, and members of the public may be unwittingly perpetuating a hoax in the belief that they are helping their friends, family and online chums avoid a nasty virus infection.

Visit the new Facebook warning

THIS NOTICE IS DIRECTED TO EVERYONE WHO HAS A PAGE ON FACEBOOK: IF SOME PEOPLE IN YOUR PROFILE OR YOUR FRIENDS SEND YOU A LINK WITH WORDS "VISIT THE NEW FACEBOOK '' AND THERE IS THE LINK BELOW, DO NOT OPEN! IF YOU OPEN IT YOU CAN SAY GOODBYE TO YOUR PAGE. IT'S A HACKER WHO STEALS YOUR DETAILS AND REMOVES YOU FROM YOUR OWN PAGE. COPY AND SPREAD THE WORD

Although there are many scams and attacks which spread on Facebook every day, no-one appears so far to actually have gathered any evidence that this one exists – and there is probably more nuisance being caused by users passing on the warning than by any attack which may or may not have happened.

Users believe they’re doing the right thing when they share warnings like this – but unfortunately they haven’t always checked their facts.

Please don’t share security warnings with your online friends until you have checked them with a credible source (such as an established computer security company). Threats can be killed off fairly easily, but misinformation like this can live on for months, if not years, because people believe they are “doing the right thing” by sharing the warning with their friends.

If you’re a regular user of Facebook, be sure to join the Sophos page on Facebook to be kept informed of the latest security threats.

Source :- http://nakedsecurity.sophos.com

Advertisements

FBI says you’ve been visiting illegal websites? It’s a malware attack

The Seal of the United States Federal Bureau o...

Image via Wikipedia

Cybercriminals have spammed out a malicious attack, posing as a notification from the FBI that you have been visiting illegal websites.

Illegal websites email claiming to come from the FBI

A typical message reads as follows:

Subject: You visit illegal websites
Attached file: Document.zip

Message body:
Sir/Madam, we have logged your IP-address on more than 40 illegal Websites. Important: Please answer our questions! The list of questions are attached.

If you make the mistake of running the program in the attached ZIP file, you’ll find that your computer is hit with a fake anti-virus attack – designed to scare you into handing over your credit card details.

Sophos products intercept the email messages as spam, and also detect the attachment as Mal/Bredo-K and Troj/BredoZp-DM.

Of course, if you have your wits about you you would realise that the email looks very suspicious in the first place. But there’s always the danger that some folks will be so worried that the FBI believes they might have been visiting naughty websites, that they’ll click on unsolicited email attachments without thinking.

Source :- http://nakedsecurity.sophos.com

Spam from your Facebook account? Malware attack poses as official warning

Cybercriminals are adopting a new disguise, following last week’s “Facebook password changed” malware attack.

Computer users are discovering malicious code has been sent to their email inboxes, pretending to be a notification from Facebook that their social networking account has been used to send out spam.

Spam is sent from your FaceBook account

A typical message reads:

Dear client

Spam is sent from your FaceBook account.

Your password has been changed for safety.

Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.

Please do not reply to this email, it's automatic mail notification!

Thank you.
FaceBook Service.

The attack would, perhaps, be a little more successful at fooling more people if it had gone through a grammar check and if the perpetrators had paid more attention to the fact that it’s spelt “Facebook” not “FaceBook”.

Nevertheless, there are doubtless some computer users who might be tempted to open the attached ZIP file and infect their computers with malware.

We’ve seen similar attacks before, of course – and I imagine that cybercriminals will continue to use ruses like this when spreading their malware. Plenty of people are hooked on Facebook, and a message telling them that their password has been reset is likely to send them into palpitations and they may open the unsolicited attachment without thinking.

After all, it’s not as though spam being sent from Facebook accounts is unusual.

If only more people realised that they cannot trust the “from:” address in an email, as it is so easily forged. In this case it presents itself as being from "Facebook Help" , but in reality it could just as easily be a Hungarian hacker, a Finnish fraudster or a Serbian scammer who initiated the widespread spam attack.

Sophos products intercept the attack as Mal/BredoZp-B.

If you are one of those many people who can’t get enough of Facebook in their lives, can stay informed about the latest scams by joining the Sophos Facebook page, where more than 70,000 people regularly share information on threats and discuss the latest security news.

Source :- http://nakedsecurity.sophos.com/2011/04/19/spam-from-your-facebook-account/

Google Chrome Warns Against Malicious Downloads

The browser now alerts users if the file being downloaded is malicious

Google boasts about several security features in its Chrome web browser. Now, Google has added one more feature in Chrome web browser which will alert users against malicious file downloads. Now that’s something every browser should ideally have so that users don’t have to be dependent on anti-malware programs. This experimental feature is currently made available to Chrome Development Channel for testing and initially, it will alert against malicious Windows executables.

The Google Safe Browsing API comes into picture when the browser checks if the Windows executable being downloaded originates from a malicious code bearing site or not. Also, it has the same privacy policy as in the Safe Browsing feature which means Google will never know what URL you’ve visited to download that particular file.

This new alert against malicious file download could be too small to be noticed. At times, users are in such a hurry that they click on the ‘x’ (Close) on any pop-up message. So instead of showing an alert just above the status bar, something more attention drawing is required to make this feature actually useful.

Google Chrome has been offering features such as alerts the users against faulty websites that intend to inject malicious code in the user system. Google accumulates data about such websites and makes it available via Safe Browsing API. Several web browsers – Google Chrome, Mozilla Firefox, and Safari make use of Google’s Safe Browsing API to warn users if they happen to visit webpages that have been coded smartly to inject malware code in the system.
Google didn’t promise any date when the feature would be implemented and made available via a stable build of the Chrome browser.
Source -: http://www.techtree.com/India/News/Google_Chrome_Warns_Against_Malicious_Downloads/551-115023-643.html

%d bloggers like this: