Sophos Cloud Optix
Beware of malware lurking on news websites claiming to containing breaking news stories.
Naked Security has seen a worrying number of Facebook users posting the same status messages today, claiming that the United States has attacked Iran and Saudi Arabia in a move heralding the beginning of World War 3.
Well, that would certainly get your attention, wouldn’t it?
A typical status message looks like the following:
U.S. Attacks Iran and Saudia Arabia. F**k 🙁 [LINK] The Begin of World War 3?
If you visit the link mentioned in the status update, you are taken to a fake CNN news webpage which claims to contain video footage of conflict.
However, clicking on the video thumbnail prompts the webpage to ask you to install an update to Adobe Flash.
Of course, it’s not a real Flash update, but malware instead. Remember, you should only ever download a Flash update from the genuine Adobe website.
The malware – which Sophos detects as Troj/Rootkit-KK – drops a rootkit called Troj/Rootkit-JV onto your Windows computer. In addition, Sophos detects the behaviour of the malware as HPsus/FakeAV-J.
Within the first three hours of this malware campaign, some 60,000 Facebook users had been duped into visiting the malicious link.
What isn’t entirely clear at this point is how the message is being shared by so many Facebook profiles.
Regular readers may recall how Facebook users were hit by hardcore porn, violence and animal abuse images late last year. Ultimately, Facebook claimed that the messages were being spread via a self-XSS browser vulnerability.
It’s possible that malicious code on users’ computers is sending the message to Facebook without users knowing. To be on the safe side, you should scan your computer with up-to-date anti-virus software and ensure you have the latest security patches in place.
If you use Facebook and want to get an early warning about the latest malware attacks, scams and hoaxes, you should join the Sophos Facebook page where we have a thriving community of over 160,000 people.
With this kind of trouble on the dramatic increase you really have to wonder how long Facebook will last. $100 billion? No way! Zuck should take the money and run for the hills before the investors realise what suckers they've been!
"The Begin of …"
Nice to see the usual level of English from the malware authors.
Nah, it wasn't that the malware authors can't speak, they were just trying to fit in with the average facebook junkie.
No Facebook for me! Too many privacy concerns and viruses; however, I do realize I am in a minority.
Those who make intelligent choices are always in the minority, Vicki.
Suckers…
Snow ?!?!?
The mountainous north and west of Iran gets quite a lot of snow, but an attack would not begin there!
Right there with you. I refer to it as FaceF**k…
something new!, a windows virus.
That does it – I'm upgrading to Linux! This crap doesn't run on Linux, and "updates" for Flash, or anything else, are available from trusted repositories.
Don't you mean downgrade to Linux? Nobody intentionally installs Linux on their PC unless they are nerds. Even Android phones are ashamed of their nerd background.
Or they're sick of a worthless operating system like Windows.
Is it snowy in iran?
In parts, particularly its ski resorts (http://en.wikipedia.org/wiki/List_of_ski_areas_and_resorts_in_Iran).
Have a look at some of the street scenes here. (They’re about as bad as our lot at keeping the roads passable.) http://www.persian.asia/photos/album/snow
(I saw you were going to be prosecuted, Bill.)
Malware is part of the social experience that binds people on Facebook together.
I love malware, tastes like chicken!
No it's not snowy in Iran, that's silly, that's a US tank firing from New Jersey!
Well – the overwhelming evidence for the need for rapid introduction of DNSSEC globally is now here. 2011 was a watershed! The end-user must have confidence that the Internet site they are visiting is the one they intended…after all, isn't that the way with our ordinary telephone? We trust the telephone exchange – we must now TRUST the DNS. Will it require legislation to make this happen – I am afraid si given the "snail pace" of DNSSEC deplyment.
this exploit had nothing to do with DNS security. zero, zilch, nada. Bill you either have: 1) no clue as to what you're talking about, or 2) such an interest in DNSSEC deployment you would be willing to make such a foolish statement in the hopes that it will somehow compel folk to urging along it's progress.
I would suggest another approach you may find emminently more rewarding: 3) take a piss in the wind. It may not help the deployment of DNSSEC but at least you may end up with a warm feeling and don't have to lie to get it.