Top Nav

New Facebook Worm Posts Updates Automatically Infecting Friends

facebook hacker exploitOUCH….  I just got an update on Facebook from a friend asking what I was doing in a video they saw.  I clicked on the link and discovered I needed to login again to Facebook again…  Huh, that’s odd I thought as my fingers quickly leveraged muscle memory and banged out my username and password again.  And just when my pinky was pressing the enter key, that voice in my head went off and I realized I didn’t check the URL on the link.  Sure enough, the site I just logged into was NOT Facebook.com even though it looked just like Facebook.  Crisis mode…

I quickly jumped back into my REAL Facebook account and checked who else received my friends “message”.  Sure enough, the same message was being posted to every one of her friends obviously through an automated worm which I probably just picked up.  Groovy…  I just fell victim to a classic Phishing attack.

How did this happen and how can you stop this from happening to you?

image Here’s the post I got on my wall and as you can see, it looks like an app.facebook.com but it redirects you to an outside site which asks you to login so it can harvest Facebook accounts.  They did a good job with this one (unfortunately).  As you can see from the URL, although it might look exactly like Facebook, it’s not.  Yup, typical Phishing con.

image

I got a post on my wall that looks like this, what should I do?

Fist things first, DO NOT follow this link, if you see this message or anything close to it, simply delete the post so no one else will click it either. Next you should call, text or email the person who you got this from to let them know their account was compromised. It’s important to let them know because they’ll need to get rid of the culprit. You can direct them here to find out how in the next step.

imageMy account is sending out posts to all my friends, what can I do?

Step 1  – Login to your Facebook account and go to Account | Application Settings

Step 2 – Confirm you have the following two applications:

  1. coma estas
  2. Veoh Videos

Step 3 – Go to the little x on the right side and delete both the applications.

image

image

Once you delete those two applications your auto updates/posts should stop right away. I also highly recommend you change your password immediatly since they collected it earlier.

These types of things will most likely get worse in the future so we need to always be aware of what we’re agreeing to or signing up for when allowing applications to access our Facebook account. In this case, the malware appears to only be interested in spreading itself but just imagine if it might have been something REALLY nasty….  Hopefully it didn’t…

So, be smart on the web, don’t do what I just did by not checking the URL before clicking on it.   We always want to be certain that we’re giving our information to the correct place, because the last thing we want is our user ID and passwords floating around in a hackers database!  Yeah, not groovy!

More Reading:

,

3 Responses to New Facebook Worm Posts Updates Automatically Infecting Friends

  1. KM September 26, 2010 at 10:11 am #

    Any suggestions on how to find all the posts the worm has made using my account? I can sift through all my FB contacts if I have to, but for some people, it could take all day. There’s no notice on my wall of most of these posts.

    • Jordan Austin September 27, 2010 at 8:54 am #

      From what I’ve seen with this worm it takes several hours to actually have it kick in and start auto-posting. If it gets to this point all of the updates will be back to back so it should be fairly simple to see them in a row and delete them.
      I think the area that’s a little unclear to me is why a deleted update stays on someone’s profile even after the author has deleted it.

      Maybe someone else has more insight?

      Thanks!

  2. shockersh September 26, 2010 at 11:04 am #

    Don’t forget, this can happen ANYWHERE. I get phishing attack emails all the time saying stuff like:

    Hello – This is Bank of America Security. It appears your account has been compromised so we need you to login and confirm or dispute charges. Please click the link below to login:

    http://security-fraud.bankofamerica.help134.ru/bank-of-america-fraud/

    Crap like that! although the link LOOKS like Bank of America and the website looks like bank of America, it isn’t!

Leave a Reply