Trolling through the spam traps this afternoon, I stumbled upon another scam targeting Facebook’s attractive 400-million user base. This one purports to be a toolbar that makes it easier to connect with folks on Facebook.
Of course the Download Here link leads to malware. Sophos detects this threat as TROJ/Zapchas-EP. The vast majority of spam continues to market Canadian pharmacies and other Partnerka scams, but spams that spread malware predominantly focus on social media.
From a social engineering aspect, the people behind these attacks are taking advantage of users who are accustomed to receiving regular emails from services like Twitter and Facebook. This regularity increases the likelihood a user will trust the message is genuine and choose to click the link or install the malware.
In this case, Sophos’s browser helper object (BHO) proactively blocked the attack. Anti-virus software would also stop this threat, but the earlier you can stop an attack, the better.
This week Michael Argast sat down with me for the Sophos Security Chet Chat episode 8 and we discussed the changes Facebook made with their new Instant Personalization initiative, the value of security certifications and whether organizations are irresponsible for becoming infected with “well-known malware.”