
2008-10-27

Facebook Messages with links.... Don't trust them!


Yet another social engineering attack from those evil-minded guys...

Recently I've received messages like this from my friends through Facebook messages:

Subject: i toook thiis viideo wwith you sielntly. wnana hvae smoe funn?
COOL
http://google.kz/reader/shared/16556747877838055260?ch=acbbe266f6f903f628ac83c01d63820b
Another one:
Subject: Priivate ivdeo wtih you and yoour friennd. Who potsed it?
Hallo.: http://google.com/search?btnI&hl=en&q=%22creating+solutions+for+every+need%22

If you pay more attention, it is not hard to discover that the URL in the first message tries to pretend to be owned by Google, and it's NOT Google. Google's URL is google.com, NOT google.kz or any other similar one. Even the ones with a localized domain name should still have the .com (e.g. www.google.com.hk). (OK, I was wrong. It seems to be really owned by Google. But look at the URL again: it actually points to a page shared in Google Reader by another user, and the page may not have been created by Google. So the result is the same: the content has nothing to do with Google. The attacker is just trying to confuse you with the URL.)

The second URL is a bit cleverer: it makes use of the "I'm feeling lucky" service provided by Google search. How do I know? The btnI parameter in the URL tells me this. The URL actually redirects you to the first search result for the terms "creating solutions for every need" (with quotes) in Google. It is ONLY the first search result returned by Google search; it is NOT from Google, and the page is UNTRUSTED!
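The two patterns described above (a Google Reader shared page and a btnI "I'm Feeling Lucky" redirect) can be recognised mechanically before anyone clicks. This is an added example, not part of the original post; the function name `review_link` and the small `GOOGLE_HOSTS` allowlist are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Hosts the post treats as Google-owned (assumption: a tiny allowlist for the demo).
GOOGLE_HOSTS = {"google.com", "google.kz", "google.com.hk"}


def review_link(url):
    """Return reasons why a link's destination is not vouched for by its host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if host not in GOOGLE_HOSTS:
        return ["host is not on the Google allowlist"]

    findings = []
    # keep_blank_values=True is required: btnI appears without "=value".
    query = parse_qs(parts.query, keep_blank_values=True)

    if parts.path.startswith("/reader/shared/"):
        findings.append("Google Reader shared page: content picked by another user")

    if parts.path == "/search" and "btnI" in query:
        terms = query.get("q", [""])[0]
        findings.append("I'm Feeling Lucky redirect to the first result for: " + terms)

    return findings


if __name__ == "__main__":
    # The two links quoted in the post.
    samples = [
        "http://google.kz/reader/shared/16556747877838055260?ch=acbbe266f6f903f628ac83c01d63820b",
        "http://google.com/search?btnI&hl=en&q=%22creating+solutions+for+every+need%22",
    ]
    for link in samples:
        print(link)
        for reason in review_link(link) or ["no redirect or shared-content pattern found"]:
            print("  -", reason)
```

An empty list only means neither pattern matched; it does not mean the link is safe.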

I didn't click on the links yet (but to investigate, I will try to do so later when I have time), but my friends told me that after clicking the URL you will be prompted to install/upgrade your Flash player and a download dialogue for an EXE file will be displayed. After you run the EXE... BOOM! You are infected and your friends will receive similar messages like you did. (Huh, you don't think the virus is really from your friend, right...?)

Shame on them! I hate those guys abusing the trust between my friends and me. Let's be more careful and fight against such evil together! Here is what you can do:
  1. Don't open any URL inside Facebook messages, MSN messages, e-mails or whatever from anyone, including your best best best friend. Verify with them first if you really want to open it.
  2. Don't download and don't execute any EXE from an untrusted website, especially when the site was opened from strange e-mails/messages/whatever.
  3. If you are unfortunately infected, please post a message somewhere on your Facebook (wall, status message, notes or whatever), telling your dearest friends not to open the links in the messages sent by you if they have received any.
  4. Please kindly notify the friend who sent you this message and warn her about this virus.
  5. Log out of Facebook and any other online account when you finish using it, even if you are using your own private computer! Try not to let the browser remember your password when using any online service.
  6. Spread this message in all the ways you can!

Yes, all these rules to protect yourself in the cyber world again. Simple but useful.

P.S. The real consequences of opening those web pages and executing the virus may not be that simple. The real impact is still unknown. Will try to look into the issue if I have time.

