Facebook users under cyberattack!


(USA TODAY) Two top botnet gangs are bombarding Facebook members with targeted phishing emails. They're hoping to get control of members' Facebook and other accounts -- a rising type of cybercrime.

There is nothing Facebook can do, beyond warning its members, to slow down these attacks.

In one of the ongoing attacks, the bad guys are directing an army of computers they've previously infected to systematically send out individual email messages to millions of Facebook members.

The messages advise recipients to click "here" to activate a "new login system that will affect all Facebook users." This takes the victim to a mocked-up Facebook log-in page with the victim's email address already filled in, but the password is blank. Typing your password gives the crooks full access to your Facebook account.

But the bad guys aren't done yet.

Another prompt then appears, advising you to download an “update tool,” which actually installs the ZeuS banking Trojan. It lurks on your hard drive waiting for a chance to steal your online banking log-in information the next time you type it.

As of this morning, AppRiver had counted 41 different Web domains sending out 600 of these targeted phishing emails per minute. "We have seen around 6 million pieces of email so far this morning," he says.

At its peak yesterday, about 1,000 viral emails per minute were being pushed out, he says. "This was a two-pronged attack," says Touchette. "The first purpose was to phish Facebook accounts, and the second was to attempt to deliver a Trojan onto the victim’s machine."

This same cybercrime group has tried variations of this attack with email lures purporting to come from the IRS, the British customs service and a banking consolidation service in the United Kingdom called One Account. The latest campaign was preceded by a similar one, with messages purporting to come from the FDIC. The crooks' main goal is to "intercept financial account information," says Touchette.

The other big, ongoing Facebook phishing campaign began on Monday around noon Pacific time, says Jamie Tomasello, abuse operations manager for messaging security firm Cloudmark.

These emails purport to come from support@facebook.com, and contain a zip file said to hold the recipient's new password, recently changed for security reasons by Facebook.

This simple ruse is fooling many. Cloudmark has found evidence of Facebook members actually going into their junk mail folders to retrieve these viral messages, then clicking on the infectious zip file. This installs a banking Trojan, called Bredolab, which competes against ZeuS for sales in the cyber underground.

"People are very addicted to their Facebook accounts. They are so accustomed to communicating frequently and rapidly all the time," says Tomasello. "They are aware of all the attacks, and are concerned about them. Yet many of them believe this is a legitimate security message from Facebook that got inadvertently sent to their junk mail folder."

Similar attacks are inundating Twitter, as well. So many Twitter users are changing their passwords to start anew that Twitter can't handle the changes and has begun locking out such changes. Twitter now advises users not to change their usernames and passwords.

Tomorrow antivirus company Kaspersky plans to publicly unveil Krab Krawler, a tool it has been developing that's designed to troll Twitter microblogs for malicious URLs and then add them to Kaspersky's blacklist of malicious programs.



Copyright © Jewish Internet Defense Force
All Rights Reserved
