Facebook has seen a big increase in recent years in hackers attempting to exploit the trust (or should that be stupidity?) that its 400 million users place in the social networking website. For example, emails have previously been sent to Facebook users stating that the passwords on their FB accounts had been reset and asking them to click on the attachment to acquire their new login information. This is known as ‘phishing’. Why do they do it? Money. This trend has unfortunately led to bank passwords and other sensitive information falling into the wrong hands.
Perhaps the most well-known problem on Facebook is a computer worm called ‘Koobface’ – which is an anagram of Facebook. This worm sends messages/wall posts on behalf of the infected user. The message contains a link that asks the user to download and install a newer version of Adobe Flash Player. However, this download actually contains a malicious file that, once opened, uses your Facebook account to continue posting this malicious link on your behalf, thus spreading the virus.
Links featuring LOL or YOUTUBE should be avoided. The sentence “Check out this YouTube video of you….LINK” is also a common method of the virus being spread. If the link is opened, the trojan virus will infect the computer and the PC will become a Zombie or Host Computer. According to Wikipedia, the SecDev Group and the Citizen Lab in the Munk School of Global Affairs at the University of Toronto, Koobface has actually generated a whopping $2 million from June 2009 to June 2010.
If you suspect that you have been ‘koobfaced’ then shut down your computer and restart Windows in ‘Safe Mode with Networking’ by holding down F8 when your computer starts up. Visit www.trendmicro.com and use the excellent online malware scan they have provided. If you feel that you may have been the victim of any form of Facebook phishing scam, then you need to run a virus scan and change your Facebook password (and any other website password that is linked to your Facebook account).
Certain malicious websites contain code that can make your browser take action without your knowledge or consent – which is called ‘clickjacking’. Clicking on a link on one of these websites might cause the website to be posted to your Facebook profile. Usually it will tell you that your video player is out of date and needs updating — a common occurrence in web browsers, so you might just click to approve it without looking. If you do that, and download and run the file, then the video will be posted onto the wall of every one of your friends, along with the same message.
These clickjacked pages basically feature a set of dummy buttons with hidden buttons underneath a transparent layer. People click on the buttons that they can see, but are actually activating the button on the hidden page. The problem is that the “hidden page” may be an authentic page and these tactics can be used to trick users into performing actions they didn’t want to perform.
Protection against clickjacking can be added to Mozilla Firefox by installing the NoScript add-on: its ClearClick feature, released on 8 October 2008, prevents users from clicking on invisible or “redressed” page elements of embedded documents or applets.
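The hidden-layer trick described above can be checked for by comparing what receives a click with what the user can actually see. The sketch below is an added example, not NoScript's code or anything from the original article; the layer objects, the opacity threshold and all names are assumptions made for illustration.

```javascript
// Added example: simplified click-redress check over a constructed layer model.
// Each layer is a plain object (hypothetical shape, not a browser API):
//   { name, kind: "element" | "iframe", rect: {x, y, w, h}, z, opacity, pointerEvents }

const MIN_VISIBLE_OPACITY = 0.3; // assumed threshold below which a user cannot see a layer

function contains(rect, p) {
  return p.x >= rect.x && p.x < rect.x + rect.w &&
         p.y >= rect.y && p.y < rect.y + rect.h;
}

// Layers under the point that can receive clicks, topmost first.
function hitStack(layers, p) {
  return layers
    .filter(l => contains(l.rect, p) && l.pointerEvents !== "none")
    .sort((a, b) => b.z - a.z);
}

// Verdict for a click at point p: does it land on an embedded frame the user cannot see?
function checkClick(layers, p) {
  const stack = hitStack(layers, p);
  if (stack.length === 0) return { verdict: "no-target" };
  const target = stack[0];                                        // what receives the click
  const seen = stack.find(l => l.opacity >= MIN_VISIBLE_OPACITY); // what the user sees
  if (target.kind === "iframe" && target.opacity < MIN_VISIBLE_OPACITY) {
    return { verdict: "redressed", receives: target.name, userSees: seen ? seen.name : null };
  }
  return { verdict: "ok", receives: target.name };
}

// Constructed sample data: a visible dummy button covered by an invisible embedded frame.
const samplePage = [
  { name: "dummy-play-button", kind: "element", rect: { x: 100, y: 100, w: 120, h: 40 }, z: 1, opacity: 1, pointerEvents: "auto" },
  { name: "hidden-frame", kind: "iframe", rect: { x: 90, y: 90, w: 140, h: 60 }, z: 10, opacity: 0, pointerEvents: "auto" },
  { name: "footer-link", kind: "element", rect: { x: 100, y: 300, w: 80, h: 20 }, z: 1, opacity: 1, pointerEvents: "auto" },
];

console.log(checkClick(samplePage, { x: 150, y: 120 })); // click on the dummy button
console.log(checkClick(samplePage, { x: 120, y: 310 })); // click on an ordinary link
```

A "redressed" verdict is the case where a protective add-on would block the click or ask the user to confirm it.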
However, as with any computer safety advice, the key is not to click on links unless you are one hundred per cent certain that the link is safe. Facebook do actually have a useful official security page that you should check every so often to keep yourself up to speed with any security issues.
Alas, you risk being an embarrassed (or angry) face on Facebook if you now fail to avoid these problems!
This is a guest article contributed by Andrew Parker, who works for computer forensics specialists Intaforensics: http://www.intaforensics.com