Browse archive

Latest news

Experts highlight top data breach vulnerabilities

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

Twitter messages lead to phishing AND malware

Posted on 20.09.2012

If you have received a private message from another Twitter telling you "lol ur famous now", have followed it to a fake Facebook page requiring you to log into Twitter to see the video in question and have ultimately done what was asked of you, you are in danger of getting your account hijacked and malware installed on your computer, warns GFI's Chris Boyd.

The scheme is rather clever and far-reaching. After having entered their Twitter login credentials - and effectively giving them over to the scammers - the victims are redirected to a website displaying a fake YouTube video set against a fake Facebook background.

In order to view the video, the users are urged to download an update for YouTube player:

As expected, the offered file is no software update, but the Umbra malware loader, which creates hidden files, starts executables in folders, and enslaves the machine into a botnet.

The scammy app page has already been removed by Facebook but, nevertheless, users are advised to download software updates from official sources and not to trust every private message they receive via social networks.