Facebook faces more trouble this week, as security threats make their way across the social networking site.
The latest is a variant of the Koobface worm, which targets all the major social networking sites, including Facebook.
Rik Ferguson, a security researcher from Trend Micro, explained in a blog post that he received a message via Facebook, directing him to a video. "The link had taken me to a site supposedly hosting a video posted by the same person that I had received the Facebook message from," he said.
"In fact not only was the malicious landing page displaying his name, it had also pulled the photo from his Facebook profile. A very neat little piece of social engineering."
The site prompts visitors to download a setup.exe file, which in fact holds the Koobface worm. "The worm connects to a respective site using login credentials stored in the gathered cookies," Ferguson explained. "It then searches for an infected user's friends, who are then sent messages containing a link where a copy of the worm is downloaded."
Ferguson warned users "to ignore such messages, and refrain from clicking links in unsolicited messages, even out of curiosity."
The worm follows previous security woes over the past week, including a pair of rogue applications which sent an error message to users of the site. The site also made headlines after changing its terms.
Rob Cotton, chief executive of NCC Group, said users of such sites need to learn to be wary. "The friendly, open nature of social media sites such as Facebook makes them easy targets for hackers as users are very trusting of the content."
"As web 2.0 applications become more mainstream, it is vital that people start to ask questions about where the content and applications are coming from," Cotton added. "We are all careful now about shredding our personal post at home, but we are dangerously unaware of the information we are handing out to online criminals."
Click here to read five Facebook surprises.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Exploitation of Docker remote API servers has reached a “critical level”News Hackers are targeting Docker’s remote access API as it allows them to pivot from a single container to the host and deploy malware with ease
-
Cyber criminal underground “thriving” as weekly attacks surge by 75% in Q3 2024Cyber attacks reached another all-time high this quarter as digital crime continues to be a highly profitable industry for threat actors
-
Alarm raised over patched Phemedrone Stealer malware that's being used to target Windows PCs - here's what you need to knowNews Phemedrone Stealer is being used to exploit a vulnerability in Windows Defender SmartScreen despite the issue being patched in November 2023
-
SOC modernization and the role of XDRWhitepaper Automate security processes to deliver efficiencies across IT
-
Uncovering the ransomware threat from global supply chainsWhitepaper Effectively mitigate ransomware risk
-
The near and far future of ransomware business modelsWhitepaper Discover how criminals use ransomware as a cyberweapon
-
Trend Micro security predictions for 2023Whitepaper Prioritise cyber security strategies on capabilities rather than costs
-
Latest Meta GDPR fine brings 12-month total to more than €1 billionNews Meta was issued with two hefty GDPR fines for “forcing” users to consent to data processing
