ΠΡΟΣΟΧΗ: Νέος ιός στο Facebook με βίντεο από το CNN!

Είδατε κάποιο post στο Facebook σας για το ξέσπασμα του Γ΄ Παγκοσμίου Πολέμου; Τότε το πιο πιθανό είναι ότι κάποιος ιός ''επισκέφτηκε'' τον υπολογιστή σας...

Η ''ψεύτικη'' είδηση που συνοδεύεται μάλιστα και από  βίντεο του CNN, ενημερώνει για πολεμικές επιχειρήσεις των αμερικανικών δυνάμεν κατά της Σαουδικής Αραβίας και του Ιράν.

Ήδη 60,000 χρήστες τoυ Facebook έχουν πέσει θύματα του ιού, που ανακοινώνει την έναρξη του Γ' Παγκοσμίου Πολέμου...

Για να δει κάποιος το βίντεο πρέπει να 'αναβαθμίσει' το flash player, το οποίο στη συνέχεια 'μολύνεται'  με trojan...

H εμφάνιση παρόμοιων ψεύτικων ειδήσεων είναι όλο και πιο συχνή στο Facebook και τα social media, ενώ αυτό που παραξενεύει τους ειδικούς είναι το πόσο γρήγορα εξαπλώνονται πλέον αυτοί οι ιοί...

US attacks Iran and Saudi Arabia? 

Malware spreads via Facebook status updates

 Graham Cluley

Beware of malware lurking on news websites claiming to containing breaking news stories.


Naked Security has seen a worrying number of Facebook users posting the same status messages today, claiming that the United States has attacked Iran and Saudi Arabia in a move heralding the beginning of World War 3.

Well, that would certainly get your attention, wouldn't it?
A typical status message looks like the following:

U.S. Attacks Iran and Saudia Arabia. F**k :-( [LINK] The Begin of World War 3?

If you visit the link mentioned in the status update, you are taken to a fake CNN news webpage which claims to contain video footage of conflict.

However, clicking on the video thumbnail prompts the webpage to ask you to install an update to Adobe Flash.

Of course, it's not a real Flash update, but malware instead. Remember, you should only ever download a Flash update from the genuine Adobe website.

The malware - which Sophos detects as Troj/Rootkit-KK - drops a rootkit called Troj/Rootkit-JV onto your Windows computer. In addition, Sophos detects the behaviour of the malware as HPsus/FakeAV-J.
Within the first three hours of this malware campaign, some 60,000 Facebook users had been duped into visiting the malicious link.

What isn't entirely clear at this point is how the message is being shared by so many Facebook profiles.
Regular readers may recall how Facebook users were hit by hardcore porn, violence and animal abuse images late last year. Ultimately, Facebook claimed that the messages were being spread via a self-XSS browser vulnerability.

It's possible that malicious code on users' computers is sending the message to Facebook without users knowing. To be on the safe side, you should scan your computer with up-to-date anti-virus software and ensure you have the latest security patches in place.

If you use Facebook and want to get an early warning about the latest malware attacks, scams and hoaxes, you should join the Sophos Facebook page where we have a thriving community of over 160,000 people.

http://nakedsecurity.sophos.com/2012/02/03/us-attacks-iran-and-saudi-arabia-malware-spreads-via-facebook-status-updates/