Facebook malware scam takes hold
A “worrying number” of Facebook users are sharing a link to a malware-laden fake CNN news page reporting the U.S. has attacked Iran and Saudi Arabia, security firm Sophos said Friday.
If users who follow the link then click to play what purports to be video coverage of the attack, they are prompted to update their Adobe Flash player with a pop-up window that looks very much like the real thing. Those who accept the prompt unwittingly install malware on their computers.
Malware writers go where the crowds are. It’s always been so, and it’s one reason why Linux has far less to worry about than Windows. Microsoft has been slowly tightening the security of the OS. Not to where nothing can get in, but making it ever harder for malware to get a foothold. The user has to OK the installation.
They’ve been getting better at social engineering the appealing hook to get you to click on the link or do an update.
I am surprised that Adobe Flash is still the weak link. For years now, Adobe seems to continually win the most vulnerable software to hack. I know at one time they tried to address this but it looks as if it’s been left to the users to get around it by OK'ing such installs.
Then too, I’m still amazed that the computing public hasn’t learned to be doubtful of strange installs. Being a sucker has had a big part in helping malware spread.
I no longer use Adobe’s PDF reader. It’s too subject to the next attack. Flash is usually disabled by NoScript and I’m not a big fan of allowing it to run. Just because I miss something in a Flash movie isn’t the end of the world. You just have to know how to say no.
The scam to say you have malware and here’s where you pay to get rid of it seems industry-wide. Even the legal antivirus businesses try to use this but instead they will use very broad definitions of what defines malware in the trial version. They always tend to find something even if you ran an antivirus just before installing the trial version.
Well, I guess you live and learn but sometimes learning can be painful to the wallet.
That they are prompted, by the malicious URL, to update their Flash does not mean Flash is the infection path, according to me.
The weak link is now Java… since the Rhino exploit is in the wild.
80% of infections in modern EK. See:
https://lh4.googleusercontent.com/-2CVdCrroNlQ/Ty99GGLEAII/AAAAAAAAA0g/aqkFscZG9uE/s912/screenshot_75.png