Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Blogs
    • Security Watch

    Facebook Campaigns Serve Up Nasty Cocktail

    By
    Matthew Hines
    -
    November 4, 2009
    Share
    Facebook
    Twitter
    Linkedin

      Anyone with a busy e-mail in-box has likely noticed the dramatic uptick in Facebook-related phishing campaigns making the rounds over the last several weeks.

      Waves of the threats are surging across the Web daily, encouraging users to click on an attachment based on their need to update their Facebook log-in information.

      For people like myself who don’t use the popular social networking site, it’s pretty clear that the campaign is nothing but an attack in waiting, but many of the messages do feature a fairly believable level of polish, using the same logo images and fonts typically employed by the networking site itself.

      Having taken a closer look at the widespread attack, researchers with McAfee are warning that the threats actually serve up far more than just a Facebook password phishing scheme, but also a dangerous cocktail of malware infections that will leave many affected endpoints squarely in the hands of electronic assailants.

      In a blog post authored by McAfee AVERT Labs researcher Arun Pradeep, the multi-tiered level of sophistication involved in the Facebook campaign is spelled out.

      First off, in addition to seeking people’s Facebook data, the threat downloads a keylogger malware attack that is aimed at stealing people’s credit card, social security, and banking passwords from their machines.

      And, almost predictably at this point, the attack also loads a rogue AV scanner application which also disables applications including Windows Notepad and Wordpad until users agree to pay for additional malware cleansing tools.

      “Phishing campaigns on social networking sites are not new,” Pradeep notes. “[But] scammers are not satisfied only pushing spam to sell ‘Canadian’ pills. Now they also want to sell fake security products, and they need all of our passwords,” the expert said.

      In terms of its delivery model, once a user opens the attached zip file claiming to offer the password update info, they are served up a spreadsheet file that, once opened, drops the actual malware cocktail onto their machine.

      After the malware takes root, it establishes a connection to the attacker’s server through the HTTP port and attempts to download more payloads, including the aforementioned keylogger. The attack then forwards any data that it can gather to a remote server through a backdoor.

      In terms of the phony AV angle, the rogue application enters through the same backdoor and then “covertly” installs itself before running and killing many applications that might be open, including Notepad, Calculator, Registry Editor, Task Manager, and others, Pradeep said.

      The attack does not go after Internet Explorer because it needs IE to communicate back with its malware server.

      So there you have it, if you’ve been wondering what all those Facebook spam notes were up to, McAfee’s taken off the wrapper for us. If you’ve already fallen for the ruse, it might be time to call in your IT staff, or to merely toss your PC out the window and start over.

      Just kidding. Sort of.

      Follow eWeek Security Watch on Twitter at: eWeekSecWatch.

      Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.

      Matthew Hines

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×