Monday, March 2, 2009

Phishing on Phacebook

We discussed how phishing schemes are designed to trick users into downloading malware onto their desktops. Phishing schemes are typically delivered via email and are designed to appear as a valid communication from a trusted source.

For example, we discussed the ever-present email from "PayPal" that requests the recipient update their user account. Instead of allowing the user to update their account, this PayPal phish redirects the target to a server under the phisher's control.

A new type of phishing scheme that targets social networking sites as opposed to email is now on the loose. According to Kaspersky Lab, the Koobface virus "creates spam messages and sends them to the infected users' friends via the Facebook site. The messages and comments include texts such as Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments and many others. Messages and comments on MySpace and Facebook include links to http://youtube.[skip].pl. If the user clicks on this link, s/he is redirected to http://youtube.[skip].ru, a site which purportedly contains a video clip. If the user tries to watch it, a message appears saying that s/he needs the latest version of Flash Player in order to watch the clip. However, instead of the latest version of Flash Player, a file called codecsetup.exe is downloaded to the victim machine; this file is also a network worm. The result is that users who have come to the site via Facebook will have the MySpace worm downloaded to their machines, and vice versa."

Facebook and other social networking sites are ideal vectors for phishing schemes because users of these sites tend to trust communications from their friends. My best advice is to always be skeptical of messages with embedded links or downloads even if they were sent by your friends.
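Turning that advice into a simple check, here is an added Python example (not from the original post) that scores a friend-to-friend message on two signals the post describes: the known Koobface lure phrases, and links that put a brand name such as youtube in front of an unrelated registered domain. The domain youtube.example.pl is a constructed stand-in for the redacted address, and the two-label registered-domain heuristic is an assumption, not a public-suffix lookup.

```python
import re
from urllib.parse import urlparse

# Brand names a Koobface-style lure borrows as the leading hostname label
# (the page's pattern: youtube.<other domain>.pl redirecting to youtube.<other domain>.ru).
MIMICKED_BRANDS = {"youtube", "facebook", "myspace", "paypal"}

# Lure phrases taken from the Kaspersky description quoted on the page (lower-cased).
LURE_PHRASES = (
    "paris hilton tosses dwarf",
    "caught downloading grades",
    "you must see it",
    "catched you on hidden cam",
    "is it really celebrity",
    "funny moments",
)

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def registered_domain(host):
    """Approximate the registrable domain as the last two labels.
    Assumption: no public-suffix list, so two-level TLDs such as co.uk are misjudged."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])

def suspicious_link(url):
    """Flag a URL whose subdomain labels carry a brand that the registered domain lacks."""
    host = urlparse(url).hostname or ""
    if host.count(".") < 2:            # need at least one subdomain label to judge
        return False
    reg = registered_domain(host)
    subdomain_labels = host.lower().split(".")[:-2]
    brand_in_subdomain = any(label in MIMICKED_BRANDS for label in subdomain_labels)
    brand_in_registered = any(brand in reg for brand in MIMICKED_BRANDS)
    return brand_in_subdomain and not brand_in_registered

def classify_message(text):
    """Return the reasons a friend-to-friend message looks like a Koobface lure."""
    reasons = []
    lowered = text.lower()
    for phrase in LURE_PHRASES:
        if phrase in lowered:
            reasons.append("lure phrase: " + phrase)
    for url in URL_RE.findall(text):
        if suspicious_link(url):
            reasons.append("brand-as-subdomain link: " + url)
    return reasons

# Constructed sample; "youtube.example.pl" stands in for the redacted domain on the page.
SAMPLE_MESSAGE = "Paris Hilton Tosses Dwarf On The Street http://youtube.example.pl/clip"
```

A message is worth a second look when `classify_message` returns anything at all; a legitimate youtube.com or facebook.com link with ordinary text returns an empty list.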
