Reports are circulating of yet another malware scam targeting Facebook users. The sheer size of the social network, combined with the inherent trust users place in messages from friends and family through Facebook make it a prime target for malware attacks to exploit.
The security analysts at AppRiver report that they are detecting a new malware campaign targeting Facebook. The campaign tricks unsuspecting users into thinking the message is coming from Facebook. The e-mail appears to be an official Facebook notification indicating the reader can reconnect with friends, but the message is full of malicious links. Clicking on one of the malicious links will then redirect them through several different Web sites and load malware onto their computer through a hidden iframe exploit.
So, what’s the big deal? Is this Facebook malware attack any different than every other malicious attempt to exploit social networks? An AppRiver spokesperson explains “What’s unique here is that this virus campaign is also hitting smartphone devices (specifically BlackBerrys at this time) that have the Facebook application/icon installed. In other words, it’s not just utilizing email, but also triggering the application itself to make the campaign more believable.”
The AppRiver spokesperson added “Since the actual payload is not pushed down until after the infection occurs, this is a great opportunity for scammers to test the lengths of their campaign. For instance, if scammers can hook applications in this fashion, it may be an indicator of what’s to come in the future: an easier remote mobile device security breach. If successful, scammers may one day be able to send payloads to attack the mobile device causing a potentially severe data breach.”
AppRiver blocked approximately 15,000 messages–or 133 per minute–related to this attack. As of this morning, though, there appears to be a lull in activity.
Dave Marcus, Director of McAfee Labs Security Research Communications, offers this insight. “Malware and scams that target Facebook users are a very common occurrence in today’s threat landscape. With upwards of 500 million users, cybercriminals will continue to target Facebook users and abuse the Facebook brand itself as the social engineering lure in their various criminal schemes.”
Marcus advises “Today’s users need to understand the risks associated with surfing the internet in an unprotected or uneducated manner. Today’s Internet users need to look at safe searching technologies, comprehensive security suites that are configured correctly and updated daily, perform regular daily scans of their computers and even develop a healthy skepticism of what winds up in their various inboxes.”
Organizations could just implement policies prohibiting the use of social networking in the workplace, or block access to social network sites from the network. For companies that allow users to connect to social network sites from work, though, IT admins need to ensure that users are educated about the nature of potential threats, and condition them to exercise caution and view incoming communications with a degree of suspicion–even if they appear to be from a trusted source.