Facebook and MySpace users hit by cyber attacks
Friday 06 November 2009
Facebook users - already being targeted in a malware campaign - are now under threat from a phishing scam.
Security specialists Symantec report that the company's systems have picked up fake messages that appear to be sent by the social networking service.
Users will receive an email that looks like an official Facebook invite or a password reset confirmation.
If a duped user clicks on the 'update' button they will be redirected a fake Facebook site. They will then be asked to enter a password to complete the updating process.
As soon as the unwitting Facebook user does this, their password is in the hands of cybercriminals.
Dodgy subject lines for the phishing emails are: 'Facebook account update,' New login system' or 'Facebook update tool'.
The malware campaign that is still targeting Facebook is also propagated via email. This time, the message looks like a Facebook notification that the recipient's password has been reset.
It includes a zip file that, if opened, launches an .exe file, which Symantec's Security Response centre says is a net nasty called Trojan.Bredolab.
Once a users' machine is infected by this malware, it secretly dials back to a Russian domain and, Symantec says, "is most likely becoming part of a Bredolab botnet."
But it isn't just Facebook that is being lined up by cybercriminals; News Corp's MySpace is also under attack.
Potentially dangerous email subject lines to look out for are: 'Myspace Password Reset Confirmation,' 'Myspace office on fire' and 'Myspace was ruined'.
Symantec believes there will be another attack on MySpace in the next day or two.
"We also think that social networking sites with huge user bases are currently being targeted to infect maximum machines or gather passwords for more malicious activities in future," the security team said in a statement.
It advised users to be extra-careful of suspicious attachments, especially those including password reset requests. Legitimate websites will not send an attachment for resetting a password, it said.
Source: NZ Herald
Life & Style blogs
WWE 2K15 gameplay trailer: First look at Sting, Triple H and Daniel Bryan in next-gen graphics
iOS 8 apps and features: eight iPhone settings you need to look at after you install the update
iPhone 'Wave': iOS 8 hoax claims you can charge your iPhone in the microwave - you can't
First day of Autumn: Google Doodle celebrates 2014 Autumn equinox
What does human meat taste like?
Scotland could still declare independence – even without referendum, says Alex Salmond
Scottish referendum results: Cross-party consensus collapses amid Tory-Labour spat on the 'English question'
Hilary Mantel 'should be investigated by police' over Margaret Thatcher assassination story, says Lord Bell
Scottish independence: David Cameron is becoming the 'George Bush of Britain'
Plebgate MP Andrew Mitchell called officer a 'little s**t', claim court documents 'exposing ex-Chief Whip's 'record of abusing police'
Archbishop of Canterbury admits doubts about existence of God
- 1 Hilary Mantel 'should be investigated by police' over Margaret Thatcher assassination story, says Lord Bell
- 2 Rihanna 'nude pictures' claims emerge on 4Chan as hacking scandal continues
- 3 Kim Kardashian 'nude photos' leaked on 4chan weeks after Jennifer Lawrence scandal
- 4 'F*ck it, I quit': KTVA reporter Charlo Greene quits live on air in spectacular fashion
- 5 Hitler’s former food taster reveals the horrors of the Wolf’s Lair
iJobs Gadgets & Tech
£40000 - £45000 per annum + pension, healthcare,25 days: Ashdown Group: An est...
£24000 per annum: Ashdown Group: An established and growing IT Consultancy fir...
£18000 per annum: Ashdown Group: An established and growing IT Consultancy fir...
£40000 - £45000 Per Annum + benefits: Clearwater People Solutions Ltd: Project...