‘Clickjacking’ epidemic spreads across Facebook

Washington, June 4 (ANI): Facebook seems to be facing an online epidemic – hundreds of thousands of Facebook users are falling into the “clickjacking” trap, according to web security labs.

Users are tricked into clicking links such as “World Cup 2010 in HD” or “Justin Bieber’s phone number” that their friends appear to have “liked”.

Once a link is clicked, the site is recommended on Facebook too, and could pose a danger of malware, even though there is currently no such content on these sites. The trick also works across all computer operating systems.

The link generally takes the user through to a page containing an instruction, such as asking them to click a button to confirm that they are over 18.

However, wherever they click on the page it adds a link to their own Facebook profile saying they have also “liked” the site.

‘Clickjacking’, for now, is harmless, and does not actively result in any malware or phishing attacks, said Graham Cluley, senior technology consultant at Sophos.

“At the moment the attacks which we’ve seen are more like old-school viruses – written for the heck of it to see how many fans they can get.

“But our feeling is that it would be fairly easy for the bad guys to introduce some revenue generation for themselves,” BBC News quoted him as saying.

A free plug-in called NoScript, built for the Firefox web browser, includes pop-up warnings about potential clickjacks, but will also query clicks on Flash videos, commonly used on many websites – and it is not easy to install, said Mr Cluley.

“You have to be a little bit nerdy to configure it.” (ANI)

Over 50 pct Facebook users could delete accounts over privacy worries

London, May 20 (ANI): A security firm has suggested that more than half of Facebook users are considering deleting their profile from the site because of privacy concerns.

According to Sophos, a computer security organisation, concerns about privacy are running so high that 60 percent of the 1,588 Facebook users questioned said they were considering deleting their accounts.

A further 16 percent said they had already stopped using Facebook because they felt they had inadequate control over their data, while a quarter said that they would not be quitting the social networking site, which has almost 500 million users worldwide.

Facebook has attracted criticism in recent weeks for the perceived complexity of its privacy settings, and the fact that users have to opt-out of sharing some of their information with third parties, rather than give explicit consent by opting in.

Although Facebook is expected to look again at its privacy policy in the coming days, it may not be enough to halt an online campaign for a mass Facebook “suicide” on May 31, with thousands of users encouraged to delete their accounts.

“This poll shows that the majority of users are fed up with the lack of control that Facebook gives users over their data,” the Telegraph quoted Graham Cluley, senior technology consultant at Sophos, as saying.

“Most still don’t know how to set their Facebook privacy options safely, finding the whole system confusing.

“What’s needed is a fundamental shift towards asking users to ‘opt-in’ to sharing information, rather than to ‘opt-out’.

“A mass exodus from Facebook seems unlikely, but users are clearly getting more interested in knowing precisely who can view their data.

“People use Facebook to share private information and are unlikely to want their holiday snaps or new mobile number accidentally popping up all over the Internet,” he added. (ANI)

Warning for Facebook users: ‘Sexiest video’ message contains malware

London, May 19 (ANI): Facebook users are being warned not to click on a message that promises to deliver the ‘sexiest video ever’, as when opened it leads to the download of a programme that fills the computer with junk.

The video link appears in the newsfeed together with a picture of a pneumatic model or a woman on an exercise bike wearing a miniskirt.

According to Wired.co.uk, the malware installs ‘adware’ called Hotbar, which makes the creator money and will pop up adverts when Internet Explorer and Windows Explorer are used.

The toolbar’s buttons will change depending on the site, but it will generally open up more unpleasant sites if one clicks the buttons.

It will also install skins for Internet Explorer, Outlook and Outlook Express and start collecting user data.

IT security and data protection company Sophos says thousands of people are falling for the trick.

A video demonstrating the scam has been posted to YouTube by Websense Security Labs.

“You may want to watch a sexy video, but you’re more likely to end up being plagued by pop-up advertising,” Sky News quoted Graham Cluley, senior technology consultant at Sophos, as saying.

“Not only is adware being installed on your computer, but the rogue Facebook application is posting the same message to all of your friends’ accounts,” he added.

Cluley also said that Facebook users hit by the attack are advised not to click on the links or allow the Facebook application to run.

Victims are urged to scan their computer with up-to-date anti-virus software, change passwords, and review all Facebook applications and settings. (ANI)

Hackers capitalise on Swayze’s death

Sydney, Sept 16 (ANI): Hackers are using Patrick Swayze’s death to push spurious anti-virus software on Internet users and infect their computers with viruses.

The 57-year-old Swayze died of pancreatic cancer on Monday.

Many bogus websites claiming to provide information on the death of the Dirty Dancing star have mushroomed.

Computer security company Sophos showed in a recent video that hackers get these sites listed on the first page of search engines like Google.

Visitors to these sites are asked for an anti-virus scan and the result shows that the user’s computer is infected by Trojans, which are actually not present. The sites then try to sell fake anti-virus software to the users to clean up their systems.

Many sites also infect users’ computers with viruses that can crack passwords and credit card numbers and send them to the hackers.

Hackers have also used the deaths of Michael Jackson and Natasha Richardson to lead users to virus-infected sites.

The Sydney Morning Herald quoted Sophos senior technology consultant Graham Cluley as saying: “Clearly the cybercriminals are no slackers when it comes to jumping on a trending internet topic, and are more professional than ever before in spreading their fake anti-virus scams.” (ANI)

Twitterati should be aware of worms, warns expert

Washington, May 3 (ANI): Social networking site Twitter suffers security breaches, an expert has warned.

According to Graham Cluley of antivirus firm Sophos, the microblogging site is prone to viruses created in the JavaScript web-programming language.

The Senior Technology Consultant revealed that these viruses were capable of sending short messages or “tweets” under the user’s name and may even send their pals to phishing sites.

Cluley explained: “A couple of hours after Twitter says it has [a virus] under control a new worm appears using the same attack.”

The British computer programmer further warned that a deleted embarrassing or incriminating tweet, which may have been sent accidentally, still exists on the Twitter site and remains searchable forever.

He said: “I think deleted should mean deleted.” (ANI)

Cybercrooks take advantage of swine flu hysteria

Sydney, April 30 (ANI): Cybercriminals are taking advantage of the swine flu buzz to sell counterfeit drugs and steal credit card details, Internet security experts have warned.

“The scare has spawned a spamming frenzy, like sharks smelling blood in the water,” the Sydney Morning Herald quoted Symantec’s Mayur Kulkarni as stating in a blog post.

F-Secure, an Internet security company, has made a list of 146 swine flu-related internet sites that have been registered over the last few days by scammers looking to collect ‘donations’ and peddle malware, fake pills and bogus swine flu survival guides.

McAfee, one of the leading security software makers, said that domain registrations of websites that included “swine” in their names were up thirtyfold.

One of the new sites, noswineflu.com, tries to con readers into buying a PDF called “Swine Flu Survival Guide” for 19.95 dollars.

McAfee and Symantec also revealed a surge in spam campaigns exploiting the flu threat, which instead of delivering useful information distribute viruses and offer bogus pills that purportedly eradicate the flu.

When victims go to purchase any products offered by the spammers, the details of their credit cards are stolen.

Sophos, another internet security company, has warned that victims may also be sent bogus drugs purporting to be generic versions of the antiviral drug Tamiflu, which could pose health risks.

Cybercriminals are also using a celebrity angle, with email titles such as “Madonna caught swine flu!” and “Swine flu in Hollywood!”.

The spam emails usually contain a link to a malicious website or what appears to be a PDF file, but is in fact a program that tries to steal user names and passwords.

Cisco IronPort estimated that swine flu-related messages already account for up to 4 per cent of the world’s spam.

The US Government-run Computer Emergency Readiness Team, US-CERT, has cautioned users not to open any malicious links or attachments.

“If users click on this link or open the attachment, they may be directed to a phishing website or exposed to malicious code,” US-CERT said.

It added that all official information can be found on the website of the US Centres for Disease Control and Prevention. (ANI)

PC worm may turn nasty on April Fool’s Day

London, Mar 25 (ANI): A security expert has cautioned that an Internet worm, called Conficker C, can strike at infected computers around the world on April 1.

Conficker C is a sophisticated piece of malicious computer software, or malware, that installs itself on a PC hard drive via specially written web pages and then conceals itself on a computer.

Graham Cluley, of the security specialist Sophos, has claimed that Conficker C is programmed “to hunt for new instructions on April 1”.

However, “this does not mean that anything is going to happen, or that the worm is actually going to do anything. Simply, it is scheduled to hunt a wider range of websites for instructions on that date,” The Times quoted him as saying.

And the biggest catch is that no one yet has any idea what exactly Conficker C is programmed to do.

In February, Cluley said: “It’s as if someone is assembling an army of computers around the world, but hasn’t yet decided where to point them.”

Experts fear that on April 1 all the world’s millions of infected computers may receive simultaneous instructions to attack, or to flood the Internet with spam e-mail.

Ed Gibson, Microsoft’s chief security adviser for the UK, was quite hesitant to make predictions about Conficker’s behaviour.

“April 1 is a classic date for anything like this to go off. But I really would hate to say that April 1 is going to be unlike any other day,” he said. (ANI)