World War 3 Scam Spreads Rootkit Using Facebook

Since no important public figure died and all the prizes and outrageous videos offered in scams were used up, cybercriminals that rely on Facebook schemes to spread their malicious campaigns turned to news about the United States attacking Iran and Saudi Arabia.

Sophos experts found a large number of statuses on Facebook that allegedly point to a CNN article about the beginning of World War 3.

“U.S. Attacks Iran and Saudia Arabia. [expletive] :-( [LINK] The Begin of World War 3?” reads the phony status.

Users who click on the link are taken to a CNN replica webpage that presumably offers a video of the attacks.

Once the video’s play button is clicked, the unsuspecting victim is requested to install Adobe Flash Player 11.5 in order to view the content.

Instead of a Flash player update, the user is served with a piece of malware identified by Sophos as Troj/Rootkit-KK which drops a Troj/Rootkit-JV rootkit on the device.

Unfortunately, 60,000 Facebook members were already duped into clicking on the link that appears in the status messages. Even more worryingly, it’s not yet known how these phony messages manage to take over the statuses of customers.

One plausible scenario is that the so-called update somehow takes over the Facebook status without the user even knowing.

To make sure their computers are protected against such threats, internauts are advised to be on the lookout for these, or similar schemes. Never install browser component updates from other sources than the vendor’s site, or from completely trusted locations.

Also, an up-to-date antivirus can never hurt, especially if malware is involved such as in the case presented above.

Finally, refrain from clicking on links posted on social media sites, even if they seem to be spread by individuals from your friends list.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.