Tag Archives: Facebook

Latest web security problems for Facebook

Filed under Security News
McAfee advises all users of Facebook to carefully analyze any email received from the social networking giant in the next few weeks as several users have reported receiving emails requesting they change their password. Phishing scams related to social networking sites like Facebook and Twitter have become one of the best methods for cyber criminals to compromise web security.

It's especially bad if cyber criminals gain access to a Facebook user's account because people frequently use the same password for multiple websites and accounts.

Any email ostensibly sent by Facebook that says a new password is available in an attachment should be discarded and reported to the company. Facebook does not reset passwords in this fashion.

"This threat is potentially very dangerous considering that there are over 350 million Facebook users who could fall for this scam," McAfee wrote on its blog. "This is also the sixth most prevalent piece of malware targeting consumers in the last 24 hours, as tracked by McAfee Labs."

In recent months, Facebook has been the target of criticism for its lack of action against the spread of malware. Ira Winkler, a Canadian web security professional, sent an email to the company demanding that it remove an ad spreading scareware from the site last month.

FBI goes online to find all kinds of cyber criminals

The Federal Bureau of Investigation recently announced a plan to use social networks to target criminal activities that happen online, according to Information Week. The bureau will mostly seek information made public by account holders, but it did say that it will consider undercover work when necessary.

Of the three most widely used networks, Facebook, MySpace and Twitter, Facebook is the most helpful as it will often grant FBI agents accounts to investigate potential threats on its network. MySpace requires search warrants for any message older than 181 days, writes Information Week. Twitter remains the least useful as it provides no contact information for law enforcement.

The bureau's presentation made no specific mentions of crime. It appears that they will target any crimes they encounter, whether it be inappropriate conversations between a minor and an adult or the use of malware.

The federal government has addressed the issue of cyber bullying in recent months, however, in response to the suicide of Missouri teen Megan Meier in 2006. Meier hanged herself shortly before her 14th birthday that year after bullying took place on MySpace. The mother of another local teen was charged with her death after investigators found that she had bullied Meier.

Experts: Real-time search vulnerable to malware

The recent addition of real-time search results from blogs and social networking services has provided a fertile new target for cyber criminals, according to online security experts.

While standard search results are not uniformly spam- and virus-free, the instantaneous delivery speed of real-time results - most of which are currently delivered from Twitter, with Facebook to be added in the near future - makes filtering such search results difficult, writes USA Today.

That publication quoted sources at Google as saying that the company used "automatic and manual processes" to identify and block malicious website traffic and warn users against clicking on possibly malicious links, and said that Bing and Yahoo also "[took] great pains to deliver safe results."

Analysts say that any number of cyber security threats could use real-time search as a delivery vector, including banking Trojans and bogus anti-virus products. The incorporation of real-time results into standard search engine traffic could prove particularly fruitful for the infamous Koobface worm, which already uses the same social networks that power real-time search to spread itself by spamming malicious links.

Koobface worm grows more sophisticated in web 2.0 attacks

Web security researchers are warning that the notorious Koobface worm that spreads on social networks like Facebook and Twitter has grown more sophisticated in order to evade detection and trick more savvy users into downloading malware.

The malware writers have relied on the proliferation of link sharing on social networks to spread the Koobface virus. Koobface sends out spam messages from hijacked user accounts containing malicious links to websites where users are prompted to download Trojan malware and phony antivirus software.

Kaspersky Labs reported that the spam messages are now becoming more realistic, with different Koobface spam messages featuring random additions like "HA-HA-HA!" or "LOL," while the malicious URLs are better disguised through a different bit.ly shortened URL each time.

Although it was originally designed to propagate through Facebook and MySpace, Koobface now spreads through eight other social networking sites, including Twitter, thanks to a program that steals a user's cookies from the social websites he or she has visited, Trend Micro reported.

Koobface can also install other types of malware on an infected PC, which makes it valuable to other cybercriminals who appear to be renting out the Koobface botnet of infected machines to install malware for data theft, search hijacking and selling rogue antivirus software.

Koobface also has a way of tricking users into breaking CAPTCHA images for it in order to spam a user's contact list.

Georgian blogger ‘Cyxymu’ target of DDoS attacks

The distributed denial-of-service attacks (DDoS) targeting Twitter, Facebook and other websites on Thursday were directed by Russian hackers at a Georgian blogger with the nickname Cyxymu, according to reports.

The blogger had been posting accounts of events leading to the conflict between Russia and Georgia last August to his blog and linked through Twitter and other social networks, he told the New York Times.

Attackers also bombarded email inboxes with spam that appeared to come from the Gmail email address of the blogger, in order to intimidate him and show him that he was the target of the attacks, according to the Avert Labs blog of web security firm McAfee.

By Friday, Twitter was back online after suffering a second wave of attacks. Cyxymu posted a message on his Twitter page that said: "My twitter is online! Thank you all for support after ciber [sic] attack from Russia!"

PC World reported that Twitter continued to experience DDoS attacks on Friday and into Saturday, but the company set up defenses to block the excess traffic.

A DDoS attack uses networks of malware-infected PCs, called botnets, to overwhelm a website with traffic. Similar cyberattacks occurred in early June that knocked out government websites in the U.S. and South Korea.

Time for social networks to take security seriously

The blossoming of web 2.0 social networking sites like Twitter and Facebook is benefitting many businesses that have tapped into them for viral marketing, but web security threats from spam to malware and identity theft are putting these same firms at risk, reports web security firm Sophos.

In Sophos' latest internet security report, the firm states that web 2.0 companies "are concentrating on growing their userbase at the expense of properly defending their existing customers from internet threats."

"What's needed is a period of introspection," said Graham Cluley, senior technology consultant at Sophos. "The honeymoon period of these sites is over."

Last week, a hacker who gained access to a Twitter employee's personal email account was able to infiltrate the company's Google Apps account to steal confidential documents, which were then published by some websites.

Facebook is attempting to clamp down on spam, phishing and malware by requiring users who have been hacked to go through a verification process when they attempt to access their profile again.

Sophos said businesses are worried about employees putting their employers at risk by exposing too much information on social nets, which is how Twitter's vital information ended up splashed across the internet.

One-quarter of organizations have been exposed to malware from social nets, Sophos said.

Facebook adds security tools to guard against ID theft, spam

The growing popularity of social network Facebook, which says it now has 250 million users worldwide, has made the site a prime target for cybercriminals. Now, Facebook is trying to help users fight back against spam, phishing and identity theft with added security measures.

When a user's account is hacked, Facebook will send a notification email as before, but going forward, hacked users will have to go through a verification process when they attempt to access their profile again.

Users will be prompted to pick a new, secure password and will be referred to the Facebook Security Page, with "tips and information on how to be safe on Facebook and across the internet," according to Facebook site integrity team member Jake Brill, writing on the Facebook blog.

"This new change will help us not only fight spam, but also spread the word about security on Facebook," Brill said in the post. "In the coming months, we'll be rolling out similar processes to address the different threats people may face."

Cybercriminals have recently targeted users with password-stealing phishing attacks, malware and worms including Koobface.

A recent survey by Webroot suggests social network users, particularly those under 30, experience cyberattacks at a greater frequency.

Twitter suspends accounts of users infected by Koobface worm

Twitter on Friday said it was suspending user accounts that had been infected by a variant of the Koobface worm, which spreads itself by generating bogus tweets when the infected user logs in. The messages contain links to sites hosting the malware to infect other users.

Twitter said on its status blog Friday that the site was "suspending all accounts that we detect sending such bogus tweets."

Web security firm Trend Micro noticed a spike in Koobface activity on Twitter, saying on its security blog Friday that "a couple hundred" Twitter accounts were sending out the spam tweets over the span of a few hours.

Kaspersky Labs, which detected the original Koobface worm last year spreading on Facebook and MySpace, said the number of variants had exploded from 324 to more than 1,000 at the end of June. The worm has been spreading on other social networking sites like Hi5, Bebo, Tagged, Netlog and, most recently, Twitter.

Comments and messages sent by the worm contain a link to a fake YouTube-style website, which invites users to download a phony Flash Player file that actually contains the worm.

"[T]he activity we've seen this month exceeds by far any other month in the past," said Stefan Tanase, a malware researcher at Kaspersky.

Hackers hijack Britney Spears’ TwitPic account

Hackers broke into the TwitPic accounts of Britney Spears, Ellen DeGeneres and other celebrities to broadcast bogus information, the Associated Press reported.

The hacked accounts were discovered Sunday after TwitPic, the largest service for posting photographs to the micro-blogging site Twitter, noticed phony messages, including one that said Spears had died.

TwitPic, which is not owned by or affiliated with Twitter, said on its Twitter feed that the company had "implemented a fix for the email posting vulnerability."

Hackers have increasingly hijacked user accounts on Facebook and Twitter to spread viruses and spam and to phish other users' account information.

Web security experts say phishing attacks on social networking sites are up to 10 times more effective than those sent via email.

A recent survey found that 30 percent of users of social networks had been subject to cyberattacks. Many users leave themselves open to attacks by publishing personal information that could be used for identity theft.

Among younger users, 51 percent use the same password on multiple sites and two-thirds share personal information that may compromise online privacy, the survey found.