WARNINGS MADE OVER MALICIOUS FACEBOOK APPLICATION
SC Magazine UK
http://www.scmagazineuk.com/Warnings-made-over- malicious-Facebook-application/article/146596/
Chu ck MillerAugust 17, 2009
A rogue Facebook application has been detected that sends users to
a credential-harvesting site.
Rik Ferguson, senior security advisor at Trend Micro, claimed that
the application is sending notifications that lead to the application
via a user commenting on a post.
Ferguson said that the notifications appear to come from an application
called 'sex sex sex and more sex!!' which despite sounding shady and
looking a bit of a mess still boasts over 287,000 fans.
Trend Micro detected that the hyperlinks in the notification both
lead to a malicious website hosted on the fucabook.com domain and not
to a link back on the profile. The server at fucabook.com then loads
up a JavaScript before immediately using HTTP meta refresh tags to
pull up the real Facebook website and prompting the victim for their
login credentials.
Ferguson said: "Always check the URL displayed in your browser's
address bar before entering any sensitive information. Also check
the true destination of a link before clicking it, by hovering your
mouse pointer over it. If it looks suspicious, don't click it. Also, if
you're a Facebook user, now would be a good time to go and review your
privacy settings and clear out any applications you no longer use."
He further claimed that the attack site is registered to an Arsen
Tumanyan who allegedly resides in Armenia. The domain is registered
through GoDaddy and the URL leads to an IP address that resolves to
Amazon Elastic Compute Cloud (EC2).
SC Magazine UK
http://www.scmagazineuk.com/Warnings-made-over- malicious-Facebook-application/article/146596/
Chu ck MillerAugust 17, 2009
A rogue Facebook application has been detected that sends users to
a credential-harvesting site.
Rik Ferguson, senior security advisor at Trend Micro, claimed that
the application is sending notifications that lead to the application
via a user commenting on a post.
Ferguson said that the notifications appear to come from an application
called 'sex sex sex and more sex!!' which despite sounding shady and
looking a bit of a mess still boasts over 287,000 fans.
Trend Micro detected that the hyperlinks in the notification both
lead to a malicious website hosted on the fucabook.com domain and not
to a link back on the profile. The server at fucabook.com then loads
up a JavaScript before immediately using HTTP meta refresh tags to
pull up the real Facebook website and prompting the victim for their
login credentials.
Ferguson said: "Always check the URL displayed in your browser's
address bar before entering any sensitive information. Also check
the true destination of a link before clicking it, by hovering your
mouse pointer over it. If it looks suspicious, don't click it. Also, if
you're a Facebook user, now would be a good time to go and review your
privacy settings and clear out any applications you no longer use."
He further claimed that the attack site is registered to an Arsen
Tumanyan who allegedly resides in Armenia. The domain is registered
through GoDaddy and the URL leads to an IP address that resolves to
Amazon Elastic Compute Cloud (EC2).