FW: OT: Facebook Malware and virus infections

Richard Kreiss rkreiss at gccconsulting.net
Wed Mar 9 09:48:43 PST 2011


This is long but may be of use to some who are not familiar with Facebook.

 

This came from my wife's employer's IT department.

 

Bob Rogers \  Information Systems Security Analyst
Bob_rogers at bshsi.org
Bon Secours Health System, Inc. 
1505 Marriottsville Rd. 
Marriottsville, MD 21104-1301 
410-442-3202 

 

 

Richard Kreiss
GCC Consulting

rkreiss at gccconsulting.net
  

 

 

 

From: Kreiss, Susan [mailto:Susan_Kreiss at bshsi.org] 
Sent: Wednesday, March 09, 2011 11:49 AM
To: Richard Kreiss
Subject: FW: Facebook Malware and virus infections

 

I guess you are right, but Facebook is becoming so much a part of life I
don't think we can avoid it forever.

 

  _____  

From: Rogers, Bob 
Sent: Wednesday, March 09, 2011 10:14 AM
To: All HSO Employees
Subject: Facebook Malware and virus infections

 

Ladies and Gentlemen;

 

This is an excerpt from a security site I visit, and is a rather long
e-mail, but the information contained could prove valuable to you if you use
Facebook, either as part of your job at BSHSI, or at home.  

 

 

Facebook Malware and virus infections

 

I've seen a lot of Facebook malware and virus infections spreading through my
friends list lately, and after publishing a brief Facebook note about how to
stay safe, I decided it might be better to cover the topic again for a
broader audience.  Facebook Malware and virus infections take on many forms,
but ultimately it involves interaction with a malicious application that can
manipulate your account or spam your friends.

Many of these applications appear to be completely harmless; in fact, some
are designed specifically to mimic the appearance of legitimate Facebook
applications like photo notifications or wall posts.  It's natural to be
curious when somebody tags a photo of you, so your first instinct is to
click the link before thinking about where it will be taking you.

 

The bad stuff happens after you've clicked the link.  Typically, you are
required to authorize all applications before they can interact with your
account, but I have seen one in particular that seemed to automatically
approve itself just by clicking on a link.

Once a malicious Facebook malware or virus application has been approved,
several things can happen.  Best case scenario: the application will spam
your friends and only be a mild nuisance.  Worst case: the malware could
steal your personal information, monitor your activity, or spread viruses
and trojans to your friends (and even use your identity to do it).

This guide will help you identify Facebook malware so you can avoid
infection and will also provide tips on how to remove malware once you've
been infected.

What to Watch Out For

One example of Facebook malware I've recently observed is fake
notifications that say somebody has "posted something on your wall" or
"tagged a video of you", which you can see in the image below.  Notice that
the icon next to the notification appears strange, but many malicious
applications utilize standard notification icons which makes them hard to
spot.

 

These applications also typically bear unassuming names like "Comments" or
"Livefeed" which sound similar enough to features currently used on Facebook
that they do not arouse much suspicion.

If you click a notification and are taken to a page asking for access to
your profile, the most important thing to remember is never click allow.
Most Facebook malware can only interact with your account if you click the
allow button, so only click it if you are absolutely sure you want to use
the application.

 

If you see a suspicious notification and want to verify its legitimacy,
visit your profile directly by clicking the Profile button at the top of
Facebook rather than clicking the link in the notification.  If you can't
find a corresponding post on the wall, click the X on the false notification
and select "Report Spam" immediately.

 

What to Do If Infected

If you happened to click a strange link on Facebook or accidentally allowed
an application that appeared to be malicious, follow these steps right away
to revoke its access and protect your account.

Click the Applications button in the bottom left corner of Facebook and
select Edit Applications.

 

If you have the new version of Facebook, this option can be found under
Account (in the top right) then click Application Settings.

 

Try to locate the application you interacted with.  In my case, it was a
fake application called "Comments", but I've seen others listed as "Feed".
Click the X to the right of the application then click "Remove" to disable
it.

 

 

The application will no longer be able to interact with your profile once
you have removed it this way.

Extra Precautions

It doesn't hurt to follow the steps in the previous section even if you
think you haven't been infected.  Browse through your list of applications
that have access to your profile and remove any that you are not currently
using.

If you see fake notifications from a friend, you can manually block that
application to make sure you aren't accidentally infected.  To do this,
visit the application's homepage on Facebook (remembering not to click the
Allow button) and click Block Application.  This will completely stop the
application from interacting with your profile at all.

 

When you receive a fake notification from a friend, let them know about it
right away and have them follow the steps presented in this guide.  The
longer they are infected, the more time the malicious application will have
to spread itself.

Best Practices

Malicious applications won't always follow the methods I've described in
this article, so the best defense you can have is to always be aware of your
digital environment.  I'll leave you with a few tips for staying safe on
social networks:

Don't assume links and messages from friends are safe: Malware often takes
advantage of the fact that you trust your friends.  Keep an eye on links and
messages from friends, and if in doubt, ask them if they actually sent you
something.  Most of the time they will have no idea their account has been
spamming their friends.

Watch the links you click: Fake applications put a lot of effort into
looking legitimate, but many of them still carry tell-tale signs of being
malicious.  If you're suspicious of a link, hold your mouse over it and look
at the URL in your browser's status bar.  If the URL looks strange (i.e.
long strings of random characters or pointing to a site outside of
Facebook), think twice before clicking it.

Expand shortened links: Short links are very popular on social networks,
making it easier to share URLs.  The downside is that you don't necessarily
know where the link will take you, so consider previewing your short URLs
before clicking.

If it's too good to be true, it probably is: If you see a link or message on
Facebook that claims you can monitor who views your profile or provide other
enticing information, there's a good chance it's a trap trying to lure you
in.

Stay updated: Many applications exploit vulnerabilities in your browser or
operating system to gain access to your information.  Stay safe by keeping
your browser up-to-date and installing operating system updates when they
are released.

 

Regards,

Bob Rogers \  Information Systems Security Analyst
Bob_rogers at bshsi.org
Bon Secours Health System, Inc. 
1505 Marriottsville Rd. 
Marriottsville, MD 21104-1301 
410-442-3202 

Success is a ladder you cannot climb with your hands in your pockets.
~American Proverb 

Need Technical support?  Please open a HEAT ticket.

E-mail: eissc at bshsi.org  Phone: 866-809-9259
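
The link checks from the "Watch the links you click" and "Expand shortened links" tips in the message above, sketched as code. This is an added example, not part of the original e-mail or the article it quotes; the shortener list, the thresholds and the sample URLs are constructed assumptions.

```python
import math
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumptions for this example: a short, non-exhaustive shortener list and
# hand-picked thresholds for what counts as a "long random string".
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}
HOME_DOMAIN = "facebook.com"
MIN_TOKEN_LEN, MIN_ENTROPY_BITS = 20, 3.5

def entropy(token):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(token)
    return -sum(c / len(token) * math.log2(c / len(token)) for c in counts.values())

def looks_random(parts):
    """True if the path or query holds a long, high-entropy token."""
    tokens = re.split(r"[/?&=._\-]+", parts.path + "?" + parts.query)
    return any(len(t) >= MIN_TOKEN_LEN and entropy(t) >= MIN_ENTROPY_BITS for t in tokens)

def triage_link(url):
    """Return the warning flags for one link (empty list means nothing odd)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if host in SHORTENERS:
        flags.append("shortened")  # destination unknown until previewed
    elif host != HOME_DOMAIN and not host.endswith("." + HOME_DOMAIN):
        # Suffix match on the parsed host, so "facebook.com" appearing
        # elsewhere in the URL does not count as being on Facebook.
        flags.append("off-facebook")
    if looks_random(parts):
        flags.append("random-looking")
    return flags

# Constructed sample links (example.net is a reserved documentation domain).
SAMPLES = [
    "http://www.facebook.com/profile.php?id=1000012345",
    "http://bit.ly/abc123",
    "http://apps.example.net/r/x7Qp9ZkLm2Vt8RbY4NcW1JdH",
    "http://www.facebook.com.example.net/photo.php",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, triage_link(link) or "ok")
```

A flag is a reason to look closer, not a verdict: a "shortened" result only means the destination has to be previewed before it can be judged.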

 
