Facebook scams now lead to exploit kits
Posted on 23.07.2014
The Facebook scam is a familiar phenomenon to every user of the popular social network, and most of them have fallen for it at one time or another as it only takes a moment of distraction to click on an interesting link.

Most of these scams don't do lasting damage to users or their computers but, as Symantec researchers noted, attackers have lately become more aggressive and are now using Facebook scams to exploit a user's system.

One example is the recent “EXPOSED: Mom Makes $8,000/Month From Home” scam, where victims are ultimately redirected to a third-party website containing an iframe for the Nuclear exploit kit.


The kit checks the victims' systems for exploitable vulnerabilities - usually Java, Adobe Reader, and/or Internet Explorer flaws - and if finds one, drops the Ascesso Trojan on the system.

This particular piece of malware sends spam emails and can download additional malicious files from a remote location.

"The attacker may entice victims to share the following links or they may be shared automatically if the victim’s computer has been compromised," the researchers noted.

If a scam such as this also contains the step where a user is asked to complete a survey before being able to see the offer, the scammer also earns money in the process.

This particular scam has been removed by Facebook but, needless to say, this is just a small bump in the road for the scammers - they will soon come up with a new ruse, so users are urged to be careful when following links shared by friends.









Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //