Go Back   SZONE.US Forums > Do it yourself (DIY) > Web Tips > Web Findings

Web Findings Here you will find information about the internet.

Most Hilarious Video attack on Facebook

Views:555
Reply
Thread Tools Search this Thread Rate Thread
  #1  
Unread 05.29.10, 04:41 AM
Zachariah Boren's Avatar
Zachariah Boren Zachariah Boren is offline
Administrator
 
Join Date: 02.07
Location: Canoga Park, CA
Posts: 928
Blog Entries: 6
Images: 10075
Send a message via ICQ to Zachariah Boren Send a message via MSN to Zachariah Boren Send a message via twitter to Zachariah Boren
Most Hilarious Video attack on Facebook

05.28.10 12:11 PM

Attacks on Facebook during weekends are unfortunately becoming a trend. For the third weekend in a row users on Facebook are bombarded with messages on their walls talking about Distracting Beach Babes, Sexiest Video Ever or this latest attack which supposedly is the "Most Hilarious Video ever" shown in the screen shot below.







We predicted that this attack would happen again and unfortunately we were right.



This attack is different from previous weekends as not only do the attackers try to steal your Facebook credentials, what happens after that depends on which country you connect from. Once you click on the link to view the video you are taken to a fake Facebook login page where you are tricked into entering your credentials. The login page look like the real thing except of course if you look at the address bar you can see that you're not on facebook.com. But users can easily be tricked into thinking that they temporarily were logged out of Facebook and to continue they have to login.







Regardless of what you enter in the login form you are then taken to a page on the real Facebook site that asks you to allow the application to access your profile. If you allow that you're taken to a page saying that you need to upload your FLV Player to view the video. Up until this point it's similar to how the two previous attacks have worked, except that this new one also has the phishing component. However, what happens now depends on which country you are connecting from.



If you are coming from a US IP address you are prompted to download the FLV Player, which is detected by 35% of antivirus engines, as can be seen in the screen shot:







However, if you're coming from a UK IP address you're taken to a quiz where they have to answer 10 questions.







Once completed the user then gets the chance to win an iPad! All they have to do is to fill in their address. So instead of tricking the user into installing a malicious file, this time they're after your information in addition to your Facebook credentials from the fake login page.







It's very likely that the behavior is different than the two examples we have described depending on which country you connect from. In our testing we only had the ability to test this attack from the US and UK but regardless of where you are connecting from you shouldn't click on the fake video and never, ever give you Facebook username and password to a website that is not facebook.com. We also recommend you to install Defensio, our free security app for Facebook that will protect your wall from posts like this. You can get it from http://defensio.com



Here's a video explaining this latest attack.










http://community.websense.com/blogs/...-facebook.aspx
Reply With Quote
Reply

Tags
attack, facebook, hilarious, video

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Rate This Thread
Rate This Thread:



All times are GMT -8. The time now is 06:18 AM.


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Copyright 2007 - 20017 SZONE.US All rights reserved