Hackers Use Facebook for Malware Attack
Users of the social-networking site recently bit a dangling carrot that hackers used to lure them to other Web sites, only to learn that they were victims of a malicious hacker attack.
Hackers, impersonating members' friends, attacked Facebook by convincing users on Facebook's Wall to view a video link that they said was hosted by Google. The Wall is a place were members post messages for friends.
The link did not take members to Google, which owns Facebook; instead, it took the unsuspecting members to a Web page where they were asked to download a version of Adobe's Flash Player and view the movie. Once users downloaded the fake version of Flash, the site installed a Trojan horse that channeled code into their PCs.
Nearly 1,000 to 2,000 users followed the link, according to Sophos senior technology consultant Graham Cluely, but it is unclear to Sophos and Facebook just how many of those users downloaded the Trojan horse.
Users were still unaware that their machines had been compromised, even when they were greeted by a court jester sticking out his tongue with a note reading, "Hello! Wassup with ya," because they assumed it was a friendly joke by friends.
Malware a Big Problem
Sophos, the Boston-based security company that discovered the attack, said by the time the members realized it wasn't a joke, their PC was under the control of a hacker sending spam and other malicious malware.
Facebook has placed a block to protect its Web site and has contacted members who were victims of the attack, giving them instructions on how to fix the problem.
In a post on Facebook's Web site by Max Kelly, head of security at Facebook, members were advised to report any spam messages they see. Kelly also warned members never to share...