February 5th, 2015 | by Anon.Dos
More than one hundred and ten thousand Facebook users have been
infected by a serious Trojan. The malware tricks users into believing
they are installing a Flash update, but it actually infects the
computer with a Trojan that lets its creator take control of the
machine.
While we see social engineering attacks and breaches
through Facebook every day, some more violent than others,
this particular one was notable due to its massive scale and the way in
which it deceived Facebook users. The Trojan spreads via links to a
pornographic video, which allow the malware to spread from the
account of a previously infected Facebook user, and it then tags
almost fifteen to twenty of that user's Facebook friends.
Once the target is lured in and clicks on the video
in the post, they get a preview of the porn video, which stops and
then asks them to download a fake Flash player. Once the fake Flash
player is downloaded and executed, the user's system is infected.
Image Source: Google Images – Actual video that is infected with the Trojan virus showing the flash player update
The malware was discovered by Mohammad Reza Faghan,
an internet security researcher who also specializes in
security related to social media.
“We have been monitoring this malware for the last
two days where it could infect more than 110 thousand users only in two
days and it is still on the rise. This malware keeps its profile low by
only tagging less than twenty users in each round of posts,” said
Mohammad Reza Faghan.
Faghan further explained that a typical Trojan
created especially for online social networks would send messages on
behalf of the victim to a number of the victim’s friends. Upon infection
of those people, the malware could only go one step further and infect
the friends of the initial victim’s friends.
Image Source: Google Images – Software update windows showing the deceptive flash player update
On the other hand, this malware uses a new technique
which we call “Magnet”: the malware gets more visibility among
potential victims because it tags the victims’ friends in a malicious
post. This leads to the hijacking of the Facebook account so that the
malware can post in their name.
“The Trojan tags the infected user’s friends in an
enticing post. Upon opening the post, the user will get a preview of a
porn video which eventually stops and asks for downloading a (fake)
flash player to continue the preview,” explains Mohammad Faghan.
Thomas George, another social media security expert
from Check-N-Secure, explains further that this concept is known in
epidemiology as the basic reproduction number, or R-Nought: that is,
the number of people each victim is likely to infect. An attack with an
R-Nought of less than one, for instance a massive hit-and-hope spam
email attack, is likely to die out on its own unless more emails are
sent, because the users are not infecting each other at the same time.
However, anything with an R-Nought of more than 1 can spread of its own
accord, because more victims are being claimed without further effort
from the attackers. Here, each infected user is spreading the Trojan
to more than fifteen people, or friends to be precise. This
causes an enormous issue in stopping the spread and, more importantly,
in cleaning up the users who have fallen into this trap. Due to the
scale and interconnectivity of Facebook, this is potentially a fatal flaw.
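The R-Nought threshold described above can be checked with a small branching-process model. This is an added illustration, not part of the original report: it takes 20 tags per round as the upper bound the article mentions, treats the share of tagged friends who run the fake update (`p_install`) as a hypothetical parameter, and ignores overlapping friend lists.

```python
import random

TAGS_PER_POST = 20  # upper bound the article reports ("less than twenty" per round)

def r_nought(tags: int, p_install: float) -> float:
    """Expected new infections caused by one infected account."""
    return tags * p_install

def critical_install_rate(tags: int) -> float:
    """Install probability per tagged friend at which R0 equals 1."""
    return 1.0 / tags

def extinction_probability(tags: int, p_install: float, iters: int = 10_000) -> float:
    """Chance that an outbreak started by ONE account dies out unaided.

    New infections per account are Binomial(tags, p), so the answer is the
    smallest fixed point of q = (1 - p + p*q) ** tags, found by iteration.
    """
    q = 0.0
    for _ in range(iters):
        q = (1.0 - p_install + p_install * q) ** tags
    return q

def simulate(tags, p_install, generations, rng, seeds=1, cap=200_000):
    """Infected accounts per generation; stops at extinction or the cap."""
    sizes = [seeds]
    for _ in range(generations):
        if sizes[-1] == 0 or sum(sizes) > cap:
            break
        exposed = sizes[-1] * tags
        sizes.append(sum(rng.random() < p_install for _ in range(exposed)))
    return sizes

if __name__ == "__main__":
    rng = random.Random(2015)  # fixed seed so the run is repeatable
    # Constructed scenarios: 2% and 15% of tagged friends run the fake update.
    for p in (0.02, 0.15):
        print(f"p={p:.2f} R0={r_nought(TAGS_PER_POST, p):.1f} "
              f"P(dies out)={extinction_probability(TAGS_PER_POST, p):.3f} "
              f"sizes={simulate(TAGS_PER_POST, p, 6, rng, seeds=10)}")
    print("R0 < 1 needs p below", critical_install_rate(TAGS_PER_POST))
```

Under these assumptions the outbreak only fades on its own when fewer than 5% of tagged friends run the fake installer, so anything that lowers that share pushes R-Nought back below one.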
So the question comes to mind: why porn, and why
Facebook? A regular porn user will not go to Facebook or any other
social media site to meet their needs, because
Facebook and most other social media platforms do not allow such
content on their servers. However, a hacker with good knowledge of
these particular websites will use three basic mediums on Facebook
to work around this rule.
First and foremost, content on Facebook spreads like
wildfire, and with a limited number of employees working for Facebook,
follow-up is too slow. As a hacker's rule, the first four hours
of a phishing attack are the most lethal ones, mainly because people
only use Facebook when they want to update a status or when a
notification pops up. This makes a massive audience bound to see the
fake message or post within minutes of receiving the notification, and
it limits the ability of Facebook's staff working in the security
department to check the problem.
Secondly, people have subconsciously started trusting
Facebook a lot, because of its vast popularity and the
fact that it has been around for almost the past ten years. This sets
Facebook apart from other websites on the internet, making it
difficult for the general population to
understand that the websites linked to on the network are
hosted externally and that porn videos posted there are no less likely
to carry malware or viruses than those found elsewhere.
To stop this massive attack, and if you think that you have been infected, simply follow the steps below:
- Scan your system with Hitman Pro (http://www.surfright.nl/en/hitmanpro/cyscon-en). It complements your existing antivirus program and focuses on deleting malware and Trojans.
- Install an auto-updater, CSIS Heimdal Security Agent (https://heimdalsecurity.com/en/). This software constantly searches for new updates for your system and installs them automatically.
- Switch your operating system updates to “on”. These updates contain security patches that help your operating system identify potential threats and then delete them. They also enhance the protection software or antivirus programs installed on your machine.
Source:
http://seclists.org/fulldisclosure/2015/Jan/131
http://rt.com/usa/228743-facebook-magnet-trojan-porn/