Deja vu: New scams hit Facebook and Twitter

Phishers were having a field day with Facebook and Twitter on Thursday.

A new phishing scam hit Facebook users that, like others in recent weeks, sends them to a Web site which steals their log-in information and also secretly downloads malware onto computers when they visit the malicious Web site in what is known as a “drive-by download.”

Meanwhile, Twitter users were getting messages from new followers that were posting links to a fake Twitter site with “tvvitter” in the tiny URL, Graham Cluley of Sophos wrote in his blog. His blog has a video of the phishing attack in action. Twitter representatives did not immediately respond to e-mails seeking comment.

In the Facebook attack, messages circulated with a subject line of “Hello” and a prompt to check out “areps.at” or other URLs ending in “.at”.

The URLS, before being blocked, directed the visitor to a fake Facebook page. If you logged in to the site, it would steal your e-mail and password, log you into Facebook, automatically change your password, and send the same message to all your Facebook friends, according to the All Facebook blog.

The malicious Web sites also spread the Koobface worm and install the Trojan.BHO, among other malware, onto unsuspecting computers, according to a CNET News test using Internet Explorer. But the URLs were blocked by Firefox and flagged as a “Web Forgery” as of 9:50 a.m. PDT.

“Whoever is behind the scam has been steadily amassing a large number of e-mail addresses and passwords over the past few weeks,” the blog says. “Some days as much as three scams will spread throughout the site (possibly even more). Facebook rapidly shuts down all references to the site but by then the scam has spread to thousands of users.”

Facebook spokesman Barry Schnitt said: “The impact of this attack or the previous ones are not widespread and only impacted a tiny fraction of a percent of users. We’ve been updating our monitoring systems with information gleaned from the previous attacks so that each new attack is detected more quickly.”

The site has blocked links to the new phishing sites from being shared on Facebook, added them to the block lists of the major browsers, and is working with partners to have the sites taken down completely, he said. Facebook also is cleaning up phony messages and wall posts and resetting the passwords of affected users.

Continue Reading this Article at CNET Security.

Categories

• Better & Faster
• Economic Effects
• Green Ideas
• Technology
• Uncategorized

Links

• Documentation
• Development Blog
• Suggest Ideas
• Support Forum
• Plugins
• Themes
• WordPress Planet

Archive

• May 2009

Tags