Facebook and MySpace users hit by cyber attacks
Friday 06 November 2009
Facebook users - already being targeted in a malware campaign - are now under threat from a phishing scam.
Security specialists Symantec report that the company's systems have picked up fake messages that appear to be sent by the social networking service.
Users will receive an email that looks like an official Facebook invite or a password reset confirmation.
If a duped user clicks on the 'update' button they will be redirected a fake Facebook site. They will then be asked to enter a password to complete the updating process.
As soon as the unwitting Facebook user does this, their password is in the hands of cybercriminals.
Dodgy subject lines for the phishing emails are: 'Facebook account update,' New login system' or 'Facebook update tool'.
The malware campaign that is still targeting Facebook is also propagated via email. This time, the message looks like a Facebook notification that the recipient's password has been reset.
It includes a zip file that, if opened, launches an .exe file, which Symantec's Security Response centre says is a net nasty called Trojan.Bredolab.
Once a users' machine is infected by this malware, it secretly dials back to a Russian domain and, Symantec says, "is most likely becoming part of a Bredolab botnet."
But it isn't just Facebook that is being lined up by cybercriminals; News Corp's MySpace is also under attack.
Potentially dangerous email subject lines to look out for are: 'Myspace Password Reset Confirmation,' 'Myspace office on fire' and 'Myspace was ruined'.
Symantec believes there will be another attack on MySpace in the next day or two.
"We also think that social networking sites with huge user bases are currently being targeted to infect maximum machines or gather passwords for more malicious activities in future," the security team said in a statement.
It advised users to be extra-careful of suspicious attachments, especially those including password reset requests. Legitimate websites will not send an attachment for resetting a password, it said.
Source: NZ Herald
Life & Style blogs
Who is Teresa Fidalgo? Debunking the fake ghost story that's got Instagram spooked
Geeks who rocked the world: Documentary looks back at origins of the computer-games industry
Ukip's official health spokesperson: 'Honestly, I have no experience in health whatsoever'
Deliberately urinating before sex can increase risk of urinary tract infections
Doctors to trial 29-point checklist for elderly patients facing 'unavoidable' death
British Muslim leaders outraged after Eric Pickles says followers of Islam should 'prove their identity'
UK terror fears: My jihadist son returned from Syria mentally scarred – now he is being ignored
Nigel Farage: NHS might have to be replaced by private health insurance
Billy Crystal: 'Stop shoving gay sex scenes in my face'
French court convicts three over homophobic tweets, in case hailed as a 'significant victory' by LGBT rights campaigners
'We would evict Queen from Buckingham Palace and allocate her council house,' say Greens
- 1 The truth about 'girl things': Three cheers for Heather Watson's honesty
- 2 Man who held up 'hire me' sign at Waterloo station returns a year later with 'I'm hiring' sign
- 3 Saudi preacher who 'raped and tortured' his five -year-old daughter to death is released after paying 'blood money'
- 4 Tennis fan suing Australian Open organisers for 'failing to shade spectators' during Murray match
- 5 Syrian refugee child beaten by Istanbul Burger King manager for eating customer’s leftover food
iJobs Gadgets & Tech
£25000 - £30000 per annum: Ashdown Group: Junior Test Analyst/Systems Administ...
£40000 - £65000 per annum: Recruitment Genius: A Global Real Estate Software P...
Negotiable: Recruitment Genius: This is an exciting opportunity for a talented...
£17000 - £26000 per annum: Recruitment Genius: Due to continuing growth, recru...