Malicious hackers use Facebook Wall for malware attack

Malicious hackers are trying to dupe Facebook users into downloading malware via deceptive Wall posts.

Facebook users are being targeted by malicious hackers through postings on the popular Wall section of the social-networking site, security company

Sophos said Thursday.

The Wall, a core feature of Facebook profile pages, is used by members to leave each other messages that in addition to text can also contain photos, videos, music and links to Web sites.

The malware attack comes in the form of a Wall message supposedly posted by a friend that urges members to click on a link to view a video on a Web site supposedly hosted by Google, said Graham Cluley, senior technology consultant for Sophos.

However, the link takes users to a Web page that isn't hosted by Google, where they are told they need a new version of Adobe's Flash player and are urged to download an executable file to watch the video.

The file is really a Trojan horse, Troj/Dloadr-BPL, that funnels other malicious code detected as Troj/Agent-HJX into users' machines. Once it has done that, it displays an image of a court jester sticking his tongue out.

While on the surface this might seem a practical joke from a friend, in reality it means the PC has been compromised and malicious hackers have gained control over it to use it for a variety of purposes, such as sending spam or distributing malware. "They now own your PC," Cluley said.

Malicious hackers have been employing this malware distribution technique for many years on e-mail messages, so many users know to avoid these traps. However, people may be less vigilant in more closed and controlled environments such as social-networking sites.

For example, in this case, the malicious Wall message is masked as coming from someone on the user's list of Facebook friends, increasing the likelihood that the link will be clicked on. "Be very suspicious of Wall postings asking you to click on a link to go watch a video," he said.

The friend whose name appears with the video has had his PC or Facebook account compromised in some way that lets malicious hackers perform actions without the friend's knowledge. It's possible that the affected friend previously fell for the "court jester" trap, and his PC and Facebook accounts are being used to propagate the scheme, he said.

The attack is the latest in a rising trend of malicious hackers using social-networking sites to distribute malware. These sites offer an attractive distribution channel because people feel safer and are more willing to follow links and perform actions if they think a friend is urging them to do so. In fact, it could be a malicious hacker posing as a friend,

If people click on a third-party Web site link and a message pops up asking them to download software into their machines, they should never go ahead with the software download. If they feel they should upgrade their Flash player, they should do so only from Adobe's Web site, Cluley said.

The news is also relevant for IT departments of companies where employees are allowed to use Facebook at work, Sophos said. Given the wide popularity of social networking for personal and business communications, IT managers should draft policies regarding the proper use of these sites by employees, Sophos said. IT managers should also consider whether they need additional security wares if they decide to allow these sites to be accessed from the office.

"The users inside your company may be more willing to click on a link in a Facebook Wall message than they would in a corporate e-mail," he said.

For example, many IT departments have installed products that scan e-mail traffic to intercept malware and spam, but with many Web sites now being used to host malware, it's a good idea to also install a security device that scans all office Web traffic and any software downloads that employees attempt to make.

So far, the Facebook Wall attack seems to target Windows PCs and laptops.

Facebook, which has about 80 million active users worldwide, didn't immediately reply to a request for comment.

The prompt to download an upgraded Flash player is apparently becoming popular with malicious hackers. This week, Adobe posted its own alert warning people not to fall for this trick. Apparently, the bogus Flash message is part of other malware attacks that use microblogging site Twitter and other social sites.

Last week, security company Kaspersky Lab warned of new worms targeting MySpace and Facebook users via automatically generated comments and messages to those on their lists of friends.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Juan Carlos Perez

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest News Articles

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?