Facebook scams now lead to exploit kits
Posted on 23.07.2014
The Facebook scam is a familiar phenomenon to every user of the popular social network, and most of them have fallen for it at one time or another as it only takes a moment of distraction to click on an interesting link.

Most of these scams don't do lasting damage to users or their computers but, as Symantec researchers noted, attackers have lately become more aggressive and are now using Facebook scams to exploit a user's system.

One example is the recent “EXPOSED: Mom Makes $8,000/Month From Home” scam, where victims are ultimately redirected to a third-party website containing an iframe for the Nuclear exploit kit.


The kit checks the victims' systems for exploitable vulnerabilities - usually Java, Adobe Reader, and/or Internet Explorer flaws - and if finds one, drops the Ascesso Trojan on the system.

This particular piece of malware sends spam emails and can download additional malicious files from a remote location.

"The attacker may entice victims to share the following links or they may be shared automatically if the victim’s computer has been compromised," the researchers noted.

If a scam such as this also contains the step where a user is asked to complete a survey before being able to see the offer, the scammer also earns money in the process.

This particular scam has been removed by Facebook but, needless to say, this is just a small bump in the road for the scammers - they will soon come up with a new ruse, so users are urged to be careful when following links shared by friends.









Spotlight

Emerging cloud threats and how to address them

Posted on 15 September 2014.  |  Public and community clouds can be appealing targets for hackers looking to disrupt or steal information from scores of organizations with one successful strike. Here are some emerging security threats and issues cloud providers and their clients should be aware of.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 16th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //