Spam Targets 400 Million Users of Facebook
BIRMINGHAM, Ala., March 20, 2010
Is Your Computer Network Safe?
Facebook Users are Invisible to Most Virus Scans
A leading cyber-crime researcher at the University of Alabama at Birmingham (UAB) says cyber-criminals are using fake e-mails to target Facebook users and deliver computer viruses that were being detected by only one-third of the 42 most common anti-virus products as of noon Thursday, March 18, 2010.
According to security researchers at McAfee, malicious software designed to steal passwords and other data has hit nearly 400 million users of Facebook. Once again, a computer attack on Facebook has tried to breach its security. According to experts, Facebook’s high number of users makes it a prime target for spammers and hackers.
- “This threat is potentially very dangerous because there are over 350 million Facebook users who may be victims of this fraud,” the firm McAfee said in a report on the case.
- This latest Facebook password attack is ranked No. 6 on McAfee’s Global Virus Maps’ Top 10, which tracks consumer threats worldwide.
- Dave Marcus, McAfee’s director of security research and communication, said that the messages appear to come from Facebook and come with a return address that is fake but looks legitimate, such as “firstname.lastname@example.org”.
- The e-mail comes with an attachment, which users are prompted to open in order to receive their newly reset password. The attachment installs itself on your computer once you click on it. Through this, hackers can access any user name or password used on the computer, in addition to gaining access to your Facebook account.
- The attachment is a Trojan horse program that infects a computer without any visible signs. Marcus added that the spam run contained a variety of malware programs, including password stealers, rogue antivirus programs and botnet code.
- Botnets are groups of computers, controlled by hackers, that are often used for malicious activity such as sending spam or conducting denial-of-service attacks against Web sites.
- The botnet code is engineered to avoid detection by antivirus programs, and many computer users don’t even know their computers are infected. Researchers speculate that the spam e-mail could be associated with the notorious Cutwail or Rustock botnets; however, further investigation is required.
- Following the attack on Facebook, other social networking sites have wasted no time in warning their own users.
Facebook issued its own warning earlier in the week.
“Remember that Facebook will never send you a new password in an attachment,” said the post on Facebook’s security page.
Twitter has followed Facebook in warning users to avoid malicious emails with attachments that claim to provide a new password.
- Users should be vigilant and not fall prey to such frauds. One clue that signals a spam e-mail is poor grammar and awkward phrasing, such as the greeting “Dear user of facebook.”
McAfee has published a copy of the scam e-mails, and even a map showing the distribution of the attacks, in an alert.
- Furthermore, Facebook is taking measures to ensure the safety of its users. Facebook executives are considering installing a warning system that would allow users to report suspected pedophiles, a spokesman for the company confirmed.
Gary Warner, the UAB director of research in computer forensics, says his team in the UAB Spam Data Mine has been tracking the Facebook spam campaign for the past three days. While it is not in the data mine's list of the top 10 most prevalent malware threats, Warner says the fake Facebook messages and related viruses are serious.
"The malware being delivered is called 'BredoLab.' It has been occasionally spread by spam since May of 2009," Warner says. "The UAB Spam Data Mine has observed at least eight versions of the Facebook BredoLab malware since March 16.
"What is troubling is the newer versions of the BredoLab used in this latest attack campaign are not being detected by the majority of anti-virus services - and that means the majority of users who unwittingly click on the bogus attachments linked to fake e-mails are going to have their computers infected," Warner says.
In this new campaign, cyber-criminals are using regular Internet e-mail services to deliver the false Facebook messages to the social media site's customers. The spam messages ask recipients to open an attachment in order to obtain new Facebook login information. Clicking the attachment exposes a user's computer to the BredoLab malware.
"Once a computer is infected with BredoLab, the cyber-criminals are able to add any other malicious software they desire to the infected computer, including password-stealing software, fake anti-virus software and spam-sending software," Warner says.
Warner warns that no legitimate company would ever ask a customer to update his or her personal account information in an e-mail or through e-mail-embedded links or attachments.
"If there are questions about one of your account profiles, visit the site in question through your Web browser and log in as you normally would," he says. "If an entity has an important message for you, you'll be able to find it on its Web page."
Follow Warner on his top-rated blog for the latest on cyber-crime and computer threats: http://garwarner.blogspot.com/.
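The indicators described above can be checked mechanically: a message that claims to come from Facebook, concerns a password and carries an attachment, plus the "Dear user of facebook" greeting. The following is an added example, not code from UAB, McAfee or Facebook; the two sample messages, the `facebook.example` addresses, the attachment name and the greeting list are constructed for illustration.

```python
import email
from email import policy

# Constructed sample modelled on the lure described above (not a captured message).
LURE = """\
From: "Facebook" <support@facebook.example>
Subject: Facebook Password Reset Confirmation
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Dear user of facebook,
Your password has been reset. The new password is in the attached document.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Facebook_Password.zip"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""
# Constructed benign notice: same brand and topic, but no attachment.
NOTICE = """\
From: "Facebook" <notify@facebook.example>
Subject: Password change requested

Hi Alex, to change your password, open the site in your browser and log in.
"""

BRANDS = ("facebook", "twitter")  # the two services named in the article
GENERIC_GREETINGS = ("dear user", "dear customer")  # assumed list; article cites "Dear user of facebook"

def triage(raw):
    """Return the lure indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = str(msg.get("From", "")).lower()
    subject = str(msg.get("Subject", "")).lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().lower() if part else ""
    attachments = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    findings = []
    claims_brand = any(b in sender or b in subject for b in BRANDS)
    if claims_brand and "password" in subject + body and attachments:
        findings.append("password-in-attachment: " + ", ".join(attachments))
    if body.lstrip().startswith(GENERIC_GREETINGS):
        findings.append("generic-greeting")
    return findings
```

Because the return address in this campaign is forged to look legitimate, the check relies on the content and the attachment rather than on the sender domain.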
The attack was accomplished through what security experts call social engineering: the hackers got into the system not through sophisticated firewall-breaching techniques but through the weakest link in the security system, according to security expert Robert Giesler.
“Ironically it isn’t the technology that is the problem. Probably 80-85% of all attacks against a secure network are accomplished through social engineering. They are targeting the weakest link, which is the human.”
Giesler describes a process known in security circles as spear phishing, which involves a hacker seeking out an employee with system administrator privileges on a company’s network. With the advent of networking Websites like LinkedIn and others, such employees are not hard to find.
On Wednesday, McAfee security experts discovered a virus reportedly targeting social networking site Facebook and its 400 million users. The virus, which is spread through spam e-mail, warns the recipient that their password has been reset and provides a link to click for a new password. Once the link is clicked, the virus attempts to steal passwords and banking information from the infected computers.
Phishing attempts — which seek to get your log-in information as a way of trying to snoop around and get bank account numbers or any other personal information that can be used in identity theft — have been plentiful on Facebook as well as Twitter.
The "LOL — is that you?" attempt not only struck Twitter users last weekend, but those of social networking site Bebo.com, according to security firm Sophos.