CyberThreats Daily: A new spam wave on Facebook
March 4, 2011 1 Comment
In the last 24 hours the security experts of ESET Ireland have caught more than 5 different Facebook spams. This is the biggest spam wave so far we have seen appearing all over people’s walls in such a short time.
Facebook is vulnerable to spam by design, since Facebook users trust the messages they see on their friends’ walls, and have no fear clicking them. The cybercriminals (ab)use this behaviour, and spam Facebook regularly. Since there are more than 500 million Facebook users, Facebook spam became a multimillion dollar business for cybercriminals. A good and up-to-date antivirus software can protect you from downloading malware, but it can not protect your Facebook wall. If you click on a spam message, it could infect your computer and it spreads to your friends.
Why is Facebook spam a security threat?
Facebook security threats usually first appear as “shocking must-see topic” spam messages on friend’s walls and in the news feed.
The curious Facebook user clicks on the message to watch a video and is immediately lead to another page, sometimes within Facebook, in some cases outside of it, to some drive-by malware ridden one. On that other page, the user usually has to like the spam message, or gets to do different other things, such as answering questions, installing a Facebook application which requires access to their info, downloading malware code masked as some video codec or signing up for a premium rate mobile text service. By confirming these actions, users can voluntarily infect their computers with malware, bypassing their security software. At the end of this ordeal the user may or may not be shown the “shocking video” which is usually some useless fake, but for the cherry on the cake, the spam message now appears on his wall and in his friends’ news feed, so he can infect all of them as well.
Antivirus software can not protect users from Facebook spam, since the spam is working inside Facebook. The only defence against it is user awareness and thinking before clicking. This is why we at ESET Ireland started our Facebook page at http://www.facebook.com/eset.antivirus.ireland to warn Facebook users about the latest security threats. By joining the page, Facebook users can keep themselves up to date with the latest Facebook threats daily and stay secure online.