
Tech Geek and More

Technology Explained for All


Facebook: Another scam alert – Fake Charlie Sheen Video scam

(From The Register)

Charlie Sheen fake filth flick powers Facebook survey scam • The Register (http://www.theregister.co.uk/2011/03/07/charlie_sheen_facebook_scam/)

Scammers have exploited actor Charlie Sheen’s increasingly bizarre antics as a lure for the latest in a long line of survey scams on Facebook.

**********************************************************************************************************

Tech Geek and More Note

As always, scammers are looking to use human curiosity against you.  The want for the “latest train wreck” is now, and has always been, one of the best ways for a bad guy to trick you into falling for his/her trap.

Remember -

  • Keep your AV updated
  • Make sure you have an anti-spyware program or 2 installed on your pc. I recommend having both superantispyware and malwarebytes installed on your pc. You can find both at www.ninite.com (http://www.ninite.com) (listed about mid-page, and both are free, even though both may ask you if you want to upgrade to pay versions.  The free versions are more than enough)
  • Always make sure that you update both your Windows install and your Office install, by going to Windows Update in Control Panel (Vista and Win 7) or by going to the Microsoft Updates page (Win XP and earlier): http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
  • DO NOT CLICK ON ANY link that you were not expecting, even if it appears to come from someone you know.  (This is the Red Riding Hood theory. )

Alert: Another Facebook Rogue app to look out for

The rogue Facebook apps continue.  This time the warning is about an app labeled as haha or hahatoyourself.  It will appear on a page of someone you know, and may even include a direct message to you saying

Heyy (insert your name here), what are you doing in this video? LOL Embarrassing!

The scam may also list as

Look at you HaHa!

and look like a video post.

In both cases, DO NOT CLICK ON THE LINK. The links will attempt to install a rogue app onto your account.  If you have clicked on the links already, you will want to do the following:

- Remove the posts from your account

- Check the allowed 3rd party applications

You really need to check and see what 3rd party applications have access to your Facebook account. There are many apps in Facebook that people find useful; at the same time, many other Facebook apps are just there to steal your data, or use your account in ways that you don’t want.

To check your Privacy settings for 3rd party apps, click on Account (on the top right of Facebook) and then click on Privacy settings.

  • Now (in the lower left corner) select Apps and websites, where it says “Edit your settings”

  • This will take you to the Apps and Websites page, where you should remove any app that you either do NOT recognize or no longer use

- *Run a full scan on your pc with Malwarebytes or SuperAntiSpyware to check your pc.

  • If you need to download either, you can download them from www.ninite.com (http://www.ninite.com)

- *Run a full scan on your pc with your Antivirus Software.

  • If you don’t currently have an active Antivirus program, you can download a FREE Antivirus program from www.ninite.com (http://www.ninite.com).  (Tech Geek and More recommends Microsoft Security Essentials) If you have an old Antivirus program that is expired, you should remove it prior to installing the new Antivirus software.

(*Make sure you update the program prior to running it)

Alert: Facebook – Tagged Picture used to spread “Fake” links and Malware. (Plus How to Untag yourself)

Since Facebook is the BIG FISH currently, and most users on Facebook seem to “trust” what they see, the bad guys are now targeting Facebook with more daily scams: from rogue apps, to fake links, to hacking accounts, to now fake picture tagging on profiles.  The following was something I came across yesterday.

The tagged picture was on the profile of someone I know.  I did confirm with that person that they don’t know “Julie” (either by name or picture), the person on the tag.  Of course Julie has a link on her tag.  If you happen to click on the link (even if just by mistake), you are sent to a website that will download malware onto your pc.

So as always having a Facebook account means that you need to pay attention to what is happening on your account.  If you run into a situation where a picture is tagged to you that you don’t want showing on your profile, here are the steps to Un-Tag yourself from the picture.

How to Untag yourself –

  • From your Facebook home page, locate the blue bar at the top of the screen. It says Facebook, Home, Profile, Friends, and Inbox. Click on “Profile”. Now you will be sent to your profile page.

  • On your profile page, look underneath your profile picture that is located at the top left. Under it, you will see “Photos”. Click on Photos.

  • Now in the middle section of the page toward the bottom you will find the “Photos and Videos of you” section.

Look at the pictures below this section.  Any pictures tagged will appear in this area. Click on the picture you would like to remove.

  • Now look under the picture for the section that says “In this photo”.  Next to that you will find “Remove tag”.

Click remove tag. The photo will not show up on your profile anymore.

Alert: Facebook Scam to look out for – “See who viewed your profile”

I ran across another (of the many) Facebook scams this week.  A friend had a post listing the iknow_extension this weekend.  The app is one of many floating around Facebookland, all claiming that they can help a user see who has been “looking at your page”.

At the core, all these scam apps are the same: they prey on the unsuspecting who are not technologically knowledgeable. Some of the variations of the catch line that I’ve seen are

  • Awesome! you can finally find out who has looked at your page
  • OMG… I cant believe this actually works! Now you really can see who viewed your profile!
  • Check out who has blocked you on Facebook

Of course, there are many more than these.

In all cases, it plays into the human curiosity factor, using social engineering to trick users into infecting their machines.  One thing that everyone should be aware of is that even if it were possible to create an app for the purpose of seeing who has looked at your page, such an app would be completely against the Facebook privacy policy.

In cases like the “iknow” app, it will lead you to a page with an “allow” function that will do 2 things: add itself to your Facebook profile, with the specific purpose of being able to control your profile so that it can continue to spread itself (like a bad disease), and then tell you that you need to “download” a file to activate the app.  That download is in fact the master malware that will then infect and control your pc. (I refer to it as the gatekeeper, as the malware you download just handles what your pc does, so that it can continue to download more and more onto your machine. It is the same as what would happen if you gave a burglar the keys to your home, and he was just there to open the door so others could steal from your house.)

If you do fall (or have fallen) for these scams, the 1st thing you need to do is go into the Applications and plugins area in Facebook and remove the rogue app’s access to your account.  You do that by doing the following:

Application and Plugins (http://www.facebook.com/help/?page=25)
General Application Support: Adding, displaying, and removing applications (http://www.facebook.com/help/?page=964)

How do I remove or delete an application from my account?

You can remove an application you have allowed from the Applications You Use (http://www.facebook.com/settings/?tab=applications) page. To get to that page, follow these steps:

  1. Go to the Privacy Settings (http://www.facebook.com/settings/?tab=privacy) page from the “Account” drop-down menu located at the top of any page on Facebook.
  2. Click the “Edit your settings” link under the Applications and Websites section towards the bottom of the page.
  3. Click on the application you’d like to remove. If you don’t see the application listed, you can find it by clicking the Edit Settings button towards the top right-hand side of the page.
  4. You’ll then see an expanded view of your settings for that application. From here, you can click the “Remove application” link. Once you confirm you’d like to remove the application, it will no longer have access to your data and be removed from your profile, bookmarks, and your Applications and Games Dashboards.

Once you have done that, the next step is reviewing your Facebook posts and removing any posts created by the “rogue” application.  That is as a courtesy, so that others don’t fall for it from your posts.

Lastly – I recommend downloading the following applications, and running a full scan with each application (one at a time) on your pc.

  • Superantispyware
  • Malwarebytes

My suggestion for the simplest way of downloading and installing these 2 apps is by visiting www.ninite.com (http://www.ninite.com) and selecting them (about 1/2 of the page down).  Ninite will not only download the apps on to your pc, but also handle the installation of the apps on your pc.

Remember that before running either of the apps, you should find the update tab on each and make sure that the app is updated to the latest definitions.  Once each app finishes its “full scan”, clean out whatever each finds, and then reboot and run both apps again.  (I know this sounds like a pain) You want to reboot and rerun both apps to make sure that nothing was left behind.

If your scans come up clean, then you should be ok.  Until the next adventure in technology (at least)

Alert: You need to make sure your Windows/Office software is up to date. Targeted attacks against a recently addressed Microsoft Office vulnerability are now out

Last November, Microsoft released security bulletin MS10-087 (http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx), which addresses a number of critical vulnerabilities in how Microsoft Office parses various office file formats. One of them is CVE-2010-3333 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3333), “RTF Stack Buffer Overflow Vulnerability,” which could lead to remote code execution via specially crafted RTF data. A few days before Christmas, we received a new sample (sha1: cc47a73118c51b0d32fd88d48863afb1af7b2578) that reliably exploits this vulnerability and is able to execute malicious shellcode which downloads other malware.

The notice that was posted on the Microsoft Protection Center blog (http://blogs.technet.com/b/mmpc/archive/2010/12/29/targeted-attacks-against-recently-addressed-microsoft-office-vulnerability-cve-2010-3333-ms10-087.aspx) concerns a flaw in the Microsoft Office program that was fixed in November. The bad guys have now found a way to exploit the flaw on computers that do NOT have the updated software. This affects you no matter which version of Office or Windows you are running.

Symantec underlined the seriousness of the flaw to CNET’s Elinor Mills in November:

“One of the most dangerous aspects of this vulnerability is that a user doesn’t have to open a malicious e-mail to be infected,” Joshua Talbot, security intelligence manager at Symantec Security Response, said at the time. “All that is required is for the content of the e-mail to appear in Outlook’s Reading Pane. If a user highlights a malicious e-mail to preview it in the Reading Pane, their machine is immediately infected. The same holds true if a user opens Outlook and a malicious e-mail is the most recently received in their in-box; that e-mail will appear in the Reading Pane by default and the computer will be infected.”

So what does this mean to you? It means that if you receive an email like this, even if it’s obvious that the email is bad and you don’t click on it, just having it appear in the reading pane section will cause your computer to get infected with malware.

How do you make sure you are protected?

Windows Vista / Windows 7

If you are running Windows Vista or Windows 7 go to start –> Control Panel –> Windows Update

Once in Windows Update –>  click on Check for updates –> Once the scan is complete –> system will tell you how many updates you need –> now click on Install updates.


Once you have successfully updated all Windows / Office software your Windows update should look like this.

image

Windows XP

In Windows XP –> Using Internet Explorer –> Visit the Microsoft Update website (LINK) http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

(IMPORTANT NOTE: In XP – Microsoft has 2 websites for updates. One is called Windows Updates and one is called Microsoft Updates. You want to make sure that you are on the one that says Microsoft Updates as the Windows Updates site does NOT give you Office updates)

Once you are on the site –> Click on Custom and let it scan your pc.  (Note you may be asked to run an ActiveX file if this is the 1st time you have been to the site. Just make sure you say yes in this case specifically)

You may also get a message about a needed download –> if you do just click on “Download and Install Now”

Once Microsoft Update completes its scan it will show you what updates you are missing

Look under the “High Priority” updates and make sure that you have selected them all

Follow up by clicking on “Review and install updates”

This will bring you to the confirmation page.  Make sure you have all missing updates selected. You will see 1 final “Install Updates”. Click on it –>

Followed by “I Accept” under the agreements area –> and then watch your updates download and install.

After the updates install –> Reboot pc –> and visit site again to see if you have any remaining updates.  Continue the steps until you get 0 (zero) remaining “High Priority” updates.

Once you are at 0 (Zero) now your Windows / Office software is up to date.

(FINAL NOTE: This does NOT mean you are free and clear. As always, you need to take precautions when surfing the Internet.  There are still many other ways your computer can be compromised)

Alert: Be careful shopping this coming Cyber Monday (11/29) as the bad guys are looking for easy victims

As always the bad guys are online, out to try and steal from unknowing victims this holiday season.  With the popularity of Online Shopping, it has never been easier for a bad guy to steal from you without ever having to leave his home.  The following post below comes from Panda Labs (LINK: http://pandalabs.pandasecurity.com/blackhat-friday-and-cybercrime-monday/), showing how crooks are manipulating search engines to trick users.  As always, just because you are shopping online, that doesn’t mean that you don’t have to pay attention.  Always make sure to keep your Cyber Guard up.

*******************************************************************************************************************************************

Black(hat) Friday and Cyber(crime) Monday

  • by Sean-Paul Correll (http://pandalabs.pandasecurity.com/author/sean-paul-correll/)

You may be in for more than you bargained for if you plan on looking for the latest Black Friday or Cyber Monday deals online.  Cyber criminals are quick to capitalize on new opportunities and have already done so by optimizing their Blackhat SEO campaigns to infect those looking for those hot ticket item deals.

The following image is a malicious search result aimed at innocent users looking for Black Friday deals at a popular U.S. based retail chain:

Best Buy/Black Friday Malicious Search Result (http://pandalabs.pandasecurity.com/wp-content/uploads/2010/11/bestbuy_malicious_search.png)

Clicking on the link in the Firefox browser will redirect you to a fake Firefox “update” website, which will then infect your computer with fake antivirus software:

Fake Firefox Update Website (http://pandalabs.pandasecurity.com/wp-content/uploads/2010/11/fakefirefoxupdate.png)

Clicking the link in Internet Explorer (or any other browser) will lead you directly to the fake antivirus scan page:

Rogueware “Fake Antivirus” Page (http://pandalabs.pandasecurity.com/wp-content/uploads/2010/11/Roguewarepage.png)

ALERT: Windows Live Messenger 2009 Users–“Active links in Messenger 2009 temporarily turned off to prevent a malicious worm”

Microsoft has announced via the Windows Team Blog (LINK) http://windowsteamblog.com/windows_live/b/windowslive/archive/2010/11/12/security-alert-active-links-in-messenger-2009-temporarily-turned-off-to-prevent-a-malicious-worm.aspx that they are now blocking Active links in Windows Live Messenger 2009. What that means is that when you are in a chat with someone and a link appears, you will NOT be able to click on it directly to open the link. If you wish to see the link you will need to copy it from the chat window and then paste it into your browser.

Keep in mind that not only in WLM chat but in all chat programs there is always a possibility of receiving “Rogue” links that were not actually sent by the person you are talking to.  If you ever receive a link via chat, check with the person you are talking to, so that you can confirm whether it’s legit or not.

Those who click on the malicious link will download a Worm (a form of virus), which will install on their pc and then use that pc to send itself to all of their friends.  As always you should make sure you have an up to date Antivirus.

A particularly malicious worm (a self-replicating computer virus) is currently trying to spread itself through many of the world’s largest instant messaging and social networks, including Windows Live Messenger 2009. We’re very serious about protecting our customers, and are pursuing multiple avenues to help stop its progress. The worm spreads by inserting a link into an IM conversation with a person whose computer is already infected. When someone clicks the link, it opens in a browser, downloads the worm on the recipient’s computer, and then repeats this process.

Normally, when Messenger sees a web address in a conversation it is turned into a hyperlink which, when clicked, automatically opens in a web browser. This feature makes it very easy for the malicious worm to be unknowingly installed on your computer by clicking on the link and being sent to a web site containing the malicious software. We’re pursuing a number of activities to help protect you, working actively with industry experts and law enforcement to help stop this criminal activity.

Most notably, we’ve temporarily turned off active hyperlinks for web addresses sent in IM conversations using Windows Live Messenger 2009. You will still be able to copy a web address and paste it into a browser window if you know it to be safe, but by removing active hyperlinks from Messenger 2009, we’re taking a significant step towards stopping the unintentional spreading of this worm.

Because we’ve now blocked active links in Messenger 2009, starting today, some customers may also see a notification in the main Messenger window warning them that some features might not be available.

Messenger warning message (http://windowsteamblog.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-53-82-metablogapi/6116.messenger_2D00_warning_5F00_3E135389.png)

Messenger 2011 is not impacted in the same way, thanks to its Link Safety feature. However, we are actively monitoring the situation and investigating different approaches to help protect customers using the latest version of Messenger, should the situation change.

As always, we encourage customers to exercise caution with links to web pages that you receive in IMs, especially if the links are to a web page that you are not familiar with, unsure of the destination of, or suspicious of. Malicious software may be installed in your computer simply by visiting a web page with harmful content.

If you think your computer may have already been infected by a malicious worm, check the , please visit the Security TechCenter on Microsoft TechNet (http://technet.microsoft.com/en-us/security/default.aspx), and then download and use the malicious software removal tool (http://www.microsoft.com/security/malwareremove/default.aspx). For additional help with Messenger, check out the Messenger Solution Center (http://windowslivehelp.com/product.aspx?productid=2).

ALERT: New Rogueware–This one can detect which browser you’re using and customize the fake alert to the browser you are using

In a never ending effort to inform the visitors to TGM, here is another ALERT concerning a new version of Rogueware (Rogue:MSIL/Zeven (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Rogue:MSIL/Zeven)) that can actually figure out what web browser you are using and then customize the fake message to look like a standard message for that browser.  As always, the reason these types of attacks work is the social engineering aspect: most people don’t know any better, and they assume that if the message pops up on their pc then “it must be true”.  Unfortunately the messages that you will see as a result of the Rogueware are nothing more than a trick to get control of your pc.

The following article (written by Daniel Radu of the Microsoft Malware Protection Center) comes from the Microsoft TechNet Blog (LINK) http://blogs.technet.com/b/mmpc/archive/2010/09/01/rogue-msil-zeven-wants-a-piece-of-the-microsoft-security-essentials-pie.aspx . You should pay close attention to what the fake alert can look like in each of the browsers (at the bottom of the message you get “Upgrade to a reliable solution”).

**************************************************************************************************************************************

Rogue:MSIL/Zeven wants a piece of the Microsoft Security Essentials pie

A new rogue has started making its appearance from compromised websites: Rogue:MSIL/Zeven (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Rogue:MSIL/Zeven). We received a sample (70be8ca73142922fd78acf2aafa9f141a977f15a) and a URL and began our investigation.

Let us say from the beginning that the guys behind this rogue like to copy big-time. They start by auto-detecting what browser the user is currently using, and then faking the malware warning page if the browser is Internet Explorer, Chrome, or Firefox.  This is meant to be a social engineering scheme in order to trick the user into downloading and installing the rogue, relying on the user’s trust of his day-to-day browser.

The similarity between the fake warning pages is so accurate that it can trick even highly trained eyes.

In the Firefox page, for example, you can see it’s not the real warning page because they misspelled ‘out’ and wrote ‘Get me our of here’.

Chrome

Internet Explorer

But for all three browsers, a common indication that you are not looking at the actual browser warning is the offer of some sort of an “update” or “solution”. All the “updates” point to a copy of MSIL/Zeven that promises to provide “a new approach to windows detection”. Internet Explorer, Firefox, and Chrome do not offer such a solution when a website is blocked.

When installed, the product looks very genuine: it allows you to scan files, tells you when you’re behind on doing your updates, and enables you to tweak your security and privacy settings. These features are usually available in various legitimate antivirus solutions. However, the features don’t work; everything is there just to look nice, not to offer any kind of protection (just like in all other rogue antivirus programs).

Of course once it scans your computer it’s bound to claim it found something scary (malicious), as shown below:

As usual with rogue scanners, although it “found” malicious files, it claims it cannot delete them unless you update. That implies that you need to pay for the full version, which has the ability to download updates. However, these files are totally bogus; no such files exist in the user’s computer.

If you decide to buy the product, this rogue opens an HTML window enabled with ‘Safe Browsing Mode’ and high strength encryption to “help” and ”protect” you while completing your purchase. Of course these features are totally worthless and don’t actually do anything in the way of securing your credit card details.

The main page of the rogue antivirus program itself looks awfully close to the Microsoft Security Essentials webpage – more copying from the bad guys. The people behind it have even copied the awards received by Microsoft Security Essentials and link to the Microsoft Malware Protection Center -  pretty sneaky of them.

This is a screenshot of the rogue’s main webpage:

And, by way of contrast, this is a screenshot of the genuine Microsoft Security Essentials (http://www.microsoft.com/security_essentials/) page:

It seems that these guys want to profit on the good reputation and success of Microsoft Security Essentials in order to make money – but we remind our customers that Microsoft Security Essentials can be downloaded at no cost. And it really does protect your computer from malware!

We detect both the downloader of the rogue and the rogue itself as Rogue:MSIL/Zeven (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Rogue:MSIL/Zeven).

Until our next encounter: browse safely!

Daniel Radu
MMPC Dublin

Facebook: ALERT – New Malware attack using Facebook. DON’T CLICK ON “Most Hilarious Video Ever” wall posts.

It seems that recently Facebook has been at the center of many web issues.  Unfortunately, this is a trend that seems to continue, as now we have a new Facebook attack that has the goal of stealing your credentials (therefore taking over your account) in addition to downloading malware on your pc.  If you see any wall post about the “Most Hilarious Video Ever”, DO NOT CLICK on it.  If it’s on your own wall, delete the post from your wall. If you have already clicked on the link (fallen for the post), you need to immediately go to your profile and change your password information.

The following information comes from the WEBSENSE blog (LINK: http://community.websense.com/blogs/securitylabs/) concerning this new FB attack; included below is a video from websense showing how the attack happens.

Most Hilarious Video attack on Facebook (http://community.websense.com/blogs/securitylabs/archive/2010/05/28/most-hilarious-video-attack-on-facebook.aspx)

Posted: 28 May 2010 09:11 PM

Attacks on Facebook during weekends are unfortunately becoming a trend. For the third weekend in a row users on Facebook are bombarded with messages on their walls talking about Distracting Beach Babes (http://community.websense.com/blogs/securitylabs/archive/2010/05/22/warning-for-quot-distracting-beach-babes-quot-on-facebook.aspx), Sexiest Video Ever (http://community.websense.com/blogs/securitylabs/archive/2010/05/15/sexiest-video-ever-on-facebook.aspx) or this latest attack which supposedly is the “Most Hilarious Video ever” shown in the screen shot below.

(http://community.websense.com/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/1106.facebook_5F00_hilarious_5F00_1.png)

We predicted that this attack would happen again and unfortunately we were right.

This attack is different from previous weekends as not only do the attackers try to steal your Facebook credentials, what happens after that depends on which country you connect from. Once you click on the link to view the video you are taken to a fake Facebook login page where you are tricked into entering your credentials. The login page looks like the real thing except of course if you look at the address bar you can see that you’re not on facebook.com. But users can easily be tricked into thinking that they temporarily were logged out of Facebook and to continue they have to login.

(http://community.websense.com/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/4478.facebook_5F00_hilarious_5F00_4.png)

Regardless of what you enter in the login form you are then taken to a page on the real Facebook site that asks you to allow the application to access your profile. If you allow that you’re taken to a page saying that you need to upload your FLV Player to view the video. Up until this point it’s similar to how the two previous attacks have worked, except that this new one also has the phishing component. However, what happens now depends on which country you are connecting from.

If you are coming from a US IP address you are prompted to download the FLV Player, which is detected by 35% of antivirus engines (http://www.virustotal.com/analisis/ba220931f0993b752cc9cc25d449904646528fee138ace928f027bb643f3b61e-1275104977), as can be seen in the screen shot:

(http://community.websense.com/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/3755.facebook_5F00_hilarious_5F00_2.png) (http://community.websense.com/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/0842.facebook_5F00_hilarious_5F00_2.png)

However, if you’re coming from a UK IP address you’re taken to a quiz where they have to answer 10 questions.

(http://community.websense.com/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/4617.facebook_5F00_hilarious_5F00_3.png)

Once completed the user then gets the chance to win an iPad! All they have to do is to fill in their address. So instead of tricking the user into installing a malicious file, this time they’re after your information in addition to your Facebook credentials from the fake login page.

(http://community.websense.com/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/securitylabs/8512.facebook_5F00_hilarious_5F00_5.png)

It’s very likely that the behavior is different than the two examples we have described depending on which country you connect from. In our testing we only had the ability to test this attack from the US and UK but regardless of where you are connecting from you shouldn’t click on the fake video and never, ever give your Facebook username and password to a website that is not facebook.com. We also recommend you to install Defensio, our free security app for Facebook that will protect your wall from posts like this. You can get it from http://defensio.com
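The address-bar check from the Websense write-up above, as an added example (not part of the original post or of Websense's material): a JavaScript function that parses a link the way a browser does and reports whether its host really is facebook.com. The trusted-domain list, the function names and the sample URLs are constructed for illustration.

```javascript
// Added example: decide whether a login link really points at Facebook
// before a password is typed into it. Sample URLs are constructed.

// Assumption: facebook.com is the only site allowed to receive the password.
const TRUSTED_DOMAINS = ["facebook.com"];

function classifyLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser: the same rules a browser applies
  } catch (err) {
    return { trusted: false, host: null, reason: "not a valid absolute URL" };
  }

  // The parser lower-cases the host; drop a trailing root dot if present.
  const host = url.hostname.replace(/\.$/, "");

  if (url.protocol !== "https:") {
    return { trusted: false, host, reason: "not served over HTTPS" };
  }
  // "https://facebook.com@other.example/" goes to other.example: everything
  // before the @ is a user name, not the site.
  if (url.username !== "" || url.password !== "") {
    return { trusted: false, host, reason: "user info before @ hides the real host" };
  }
  // Internationalized look-alike letters show up as punycode labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, host, reason: "punycode (look-alike) host name" };
  }
  // Must be the trusted domain itself or a true subdomain of it. Matching on
  // "." + domain rejects notfacebook.com and facebook.com.other.example.
  const ok = TRUSTED_DOMAINS.some(
    (domain) => host === domain || host.endsWith("." + domain)
  );
  return ok
    ? { trusted: true, host, reason: "host is " + host }
    : { trusted: false, host, reason: "host is " + host + ", not a trusted domain" };
}

// Constructed sample links of the kinds a wall post might carry.
const SAMPLE_LINKS = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com/login.php",
  "https://facebook.com.video-player.example/login.php",
  "https://facebook.com@video-player.example/login.php",
  "https://notfacebook.com/login.php",
  "https://f\u0430cebook.com/login.php", // Cyrillic U+0430 in place of Latin "a"
  "www.facebook.com/login.php", // no scheme: cannot be judged as written
];

// Classify every link and keep the verdict next to the link it belongs to.
function reviewLinks(links) {
  return links.map((link) => ({ link, ...classifyLoginUrl(link) }));
}

for (const r of reviewLinks(SAMPLE_LINKS)) {
  console.log((r.trusted ? "OK    " : "BLOCK ") + r.link + "  (" + r.reason + ")");
}
```

Only the first sample link is reported as safe; each of the others fails for a different reason that a quick glance at the address bar can miss.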
