An alert Naked Security reader, George, sent us a tip that he had received a suspicious Facebook chat message from a friend asking him to view a photo album. George is an experienced computer professional and immediately thought it might be fraud.
It’s very likely that George’s friend was infected with Koobface, as this is a technique Koobface has used for quite some time to trick Facebook users. Koobface is known to use chat and messaging to spread on LinkedIn, Twitter, Bebo, Hi5, Myspace and nearly every other social network with a sizable user base.
The link in the chat pointed to an app.facebook.com/CENSORED address. Typically, when you go to a Facebook app page, it prompts you to add the application and grant it permission to post on your behalf or read your profile data. The scary part about this one is that it immediately presents a download of a “FacebookPhotos#####.exe” file, without you having to click anything.
The screen reads “Photo has been moved. This photo has been moved to other location. To view this photo click View Photo.” If your computer has not already downloaded the malware, the “View Photo” button will download the malware for you.
It is really unfortunate that Facebook scams are moving back towards spreading malware. Fortunately, users of Sophos Anti-Virus had proactive protection from this threat with both our HIPS and suspicious file detection technologies. This malware is now identified by Sophos as W32/Koobface-BA.
While I was researching this malware and writing this blog, Facebook removed the malicious application from their service. There are likely many more applications like this one making the rounds, so, as always, beware of unusual messages from friends whether they are in email, on their walls, or in an instant message.
If you’re a Facebook user, I invite you to join our Facebook page, where we post all the latest security news and threats you need to watch out for. We also have a Facebook privacy guide explaining how to navigate the privacy settings, with recommended settings to control your profile.
For those of you who need to educate your users on how to safely use social media sites, you can download our free social media education toolkit.
Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/8Sf0raUgNUs/