So I've noticed a new trend in recent months. We'll get to my wider concern in a moment.
First, though, you need to understand the latest malware attack that hit a number of people in my circle of friends over the last couple of months.
In August, a security researcher for Kaspersky, David Jacoby, detailed a new threat coming from the Facebook Messenger service.
In a blog post he details how a friend sent him a message with a link to a video file through Messenger. The link pointed to a Google Doc. The document had taken a picture from the victim's Facebook profile and created a dynamic landing page that looks like a playable movie.
“When the victim clicks on the fake playable movie, the malware redirects them to a set of websites which enumerate their browser, operating system and other vital information. Depending on their operating system they are directed to other websites,” said Jacoby.
He notes as well that the malware is browser and OS independent, meaning it doesn't matter if it's Chrome, Firefox, Internet Explorer, Windows or Mac OS. What???? Macs aren't immune?
“What I noticed during my research was that when changing the User-Agent header (browser information) the malware redirects you to different landing pages. For example, when using Firefox I was redirected to a website displaying a fake Flash Update notice, and then offered a Windows executable. The executable is flagged as adware,” he said.
He adds that when using Chrome, he was redirected to a website which looked almost identical to YouTube, including the YouTube logo. The website then displayed a fake error message, prompting the user to download a malicious Chrome extension from the Google Webstore.
The Chrome extension is a trojan: it masquerades as a legit file, extension, etc. to trick you into installing something you don't want.
“It may be from stolen credentials, hijacked browsers or clickjacking. At the moment, we are not sure because this research is still ongoing,” said Jacoby.
You should never click on a random link that anyone sends you, friend or not. The links are shortened, and you can't tell by looking at one where it is going to send you. Unless you are running a Virtual Machine in a sandbox, never ever click these types of links straight off without thinking about it.
Mark James, a security researcher with ESET, says, “In an ideal world double check with the sender through an alternative contact method. If you really do need to follow the link to ensure it's genuine then make sure your operating system and applications are fully patched and updated, to lower your chances of being hit through an exploit or vulnerability.”
I'm a little more paranoid, with more to lose on my system than pictures, and I only explore these in a virtual environment that is sandboxed to protect my machine, my work and my clients' information.
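For anyone who does inspect such links from a sandbox, here is an added example (not from Jacoby's research or the original article) that walks a shortened link's HTTP redirects one hop at a time with HEAD requests and checks whether different User-Agent headers end up on different hosts, the behaviour Jacoby describes. The `.example` hosts, User-Agent strings and function names are constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit
REDIRECT_CODES = {301, 302, 303, 307, 308}

def head_fetch(url, user_agent, timeout=5):
    """One HEAD request, no body downloaded: returns (status, Location or None)."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path, headers={"User-Agent": user_agent})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(url, user_agent, fetch=head_fetch, max_hops=10):
    """Follow HTTP redirects hop by hop; return every URL visited, in order."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1], user_agent)
        if status not in REDIRECT_CODES or not location:
            break
        next_url = urljoin(chain[-1], location)  # Location may be relative
        if next_url in chain:                    # redirect loop
            break
        chain.append(next_url)
    return chain

def compare_user_agents(url, user_agents, fetch=head_fetch):
    """Final host per User-Agent, plus True if the browsers end up on different hosts."""
    finals = {name: urlsplit(trace_redirects(url, ua, fetch)[-1]).netloc
              for name, ua in user_agents.items()}
    return finals, len(set(finals.values())) > 1

# Constructed sample data: .example hosts and User-Agent strings are placeholders.
USER_AGENTS = {"firefox": "Mozilla/5.0 (constructed) Firefox/55.0",
               "chrome": "Mozilla/5.0 (constructed) Chrome/60.0"}
SAMPLE = {
    "https://short.example/abc": {"": (302, "https://hop.example/r")},
    "https://hop.example/r": {"Firefox": (302, "https://flash-update.example/"),
                              "Chrome": (302, "/yt")},
    "https://hop.example/yt": {"": (301, "https://video-lookalike.example/watch")},
}

def sample_fetch(url, user_agent):  # offline stand-in for head_fetch
    hits = [r for needle, r in SAMPLE.get(url, {}).items() if needle in user_agent]
    return hits[0] if hits else (200, None)
```

This only sees HTTP-level redirects; hops done in JavaScript or with a meta refresh do not show up in a HEAD response and still need a sandboxed browser.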
What I'm concerned about is these new waves of "you must have an IQ over 130 to get 10/10 on this test."
There are two problems with these. First, for most of them, so long as you are decently well read and educated, you're going to get near perfect or perfect scores each time.
Congrats on your unearned hit of dopamine.
The second problem is that they ask for, and you give, permission for whatever website or "app" to post on your behalf.
Never allow any application whose publisher or website source you don't know to access your Facebook profile.
The whole story isn't out yet, but I suspect one of these apps or something similar was used to gather the credentials and permissions to make this successful.
It isn't hard to see how all the above methods could be combined so that it looks completely legit, complete with pics, profile link and whatever else it needs to fool you into taking part.
That all goes fine: your post is in your feed and nothing looks amiss. It is bait to gather more credentials and get more people to give the site permission to post.
Later on, when you're not looking, it starts posting malware links on your behalf to friends and family.
This could really screw things up, not only for you personally; if the infection were widespread and nasty enough, it could seriously disrupt the entirety of the internet.
Fortunately, this wasn't worse than it was, and most of these types of infections are easily caught by most security software and by following best computing practices.
I personally use ESET Internet Security along with everything in my article 12 cyber security tips you can use today.
I hope this information can save someone some pain down the road and avoid a costly repair.
NOTE: By making a purchase through this link, you save some cashola and I get a little money from ESET to help me continue doing what I love!
NOD32 is a robust anti-virus and protects you from most things. Internet Security (from the Home dropdown) offers some extra features that someone like myself can't live without. If you're not sure what product you require for your needs, please contact www.digitaldr.ca