Thanks to a tip-off from colleague Gadi Evron, I’ve just spent some time looking into the latest Facebook worm after he alerted Facebook about it.
Like so many past worms, this one uses a suggestive come-on to lure the unsuspecting into clicking a link, and after some behind-the-scenes shenanigans, it posts a link to the same lure page on the victim’s Facebook wall, if the click-happy victim is currently logged into Facebook.
I’m not much of a Facebooker (in fact, I only use it for investigating things like this!) but I’ve heard reports that this is working, as more and more folks’ walls start to look something like this:
For those unfamiliar with Facebook (is there anyone other than me in that set?) the thumbnail of the worm’s infective page is a link to the page. The worm’s objective, of course, is that others viewing the victim’s wall will click the link, and as they are logged into Facebook, the worm will propagate its link to that victim’s wall, and so on…
How does this all work? Rather simple, really, and something Facebook needs to fix.
This worm uses what is technically known as a CSRF (Cross-site Request Forgery, also called XSRF) attack. A sequence of iframes on the exploit page call a sequence of other pages and scripts, eventually resulting in a form submission to Facebook “as if” the victim had submitted a URL for a wall post and clicked on the “Share” button to confirm the post.
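To make the mechanism concrete from the defender’s side, here is an added example (not code from the original post, and not Facebook’s own code) that simulates the “Share” endpoint twice: once accepting any POST that carries a logged-in session cookie, which is the gap a cross-site auto-submitted form rides through, and once requiring both a same-origin check and a session-bound anti-CSRF token. The request/session objects, the `SITE_ORIGIN` value and the `lure.example` hostnames are constructed stand-ins, and the token scheme (HMAC of the session id under a server secret) is one common design rather than anything the post describes.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumption: the origin from which the site's own "Share" form is served.
SITE_ORIGIN = "https://www.facebook.com"
# Constructed: a per-process server secret used to derive anti-CSRF tokens.
SECRET_KEY = secrets.token_bytes(32)


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as the browser would send it."""
    method: str
    cookies: dict
    headers: dict
    form: dict


def csrf_token_for(session_id: str) -> str:
    """Derive a token bound to the session. A third-party page cannot read the
    session cookie, so it cannot compute this value for a forged form."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(request: Request) -> bool:
    """Compare scheme and host of Origin (Referer as fallback) against SITE_ORIGIN
    exactly, not by prefix, so a look-alike host does not pass."""
    source = request.headers.get("Origin") or request.headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def share_post_vulnerable(request: Request, sessions: dict):
    """Accept the wall post whenever a valid session cookie is present. The browser
    attaches that cookie to a form auto-submitted from any other site as well, which
    is the ambient-authority gap a CSRF worm relies on."""
    session_id = request.cookies.get("sid")
    if request.method != "POST" or session_id not in sessions:
        return 403, None
    return 200, {"user": sessions[session_id], "url": request.form.get("url")}


def share_post_hardened(request: Request, sessions: dict):
    """Same endpoint with two independent checks: the request must come from the
    site's own origin and must carry the session-bound token that only the site's
    own rendered form contains."""
    session_id = request.cookies.get("sid")
    if request.method != "POST" or session_id not in sessions:
        return 403, None
    if not same_origin(request):
        return 403, None
    supplied = request.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token_for(session_id)):
        return 403, None
    return 200, {"user": sessions[session_id], "url": request.form.get("url")}


def demo() -> dict:
    """Run both handlers over constructed submissions and return the status codes."""
    sessions = {"s1": "alice"}  # constructed: one logged-in user
    # Constructed: the POST a hidden form on a lure page auto-submits. The session
    # cookie rides along; the lure page has no way to know the token.
    forged = Request("POST", {"sid": "s1"}, {"Origin": "https://lure.example"},
                     {"url": "https://lure.example/page"})
    # Constructed: a look-alike origin that a naive prefix check would accept.
    lookalike = Request("POST", {"sid": "s1"},
                        {"Origin": "https://www.facebook.com.lure.example"},
                        {"url": "https://lure.example/page"})
    # Constructed: the same POST from the site's own Share form, token included.
    legit = Request("POST", {"sid": "s1"}, {"Origin": SITE_ORIGIN},
                    {"url": "https://example.org/photo",
                     "csrf_token": csrf_token_for("s1")})
    return {
        "forged_vulnerable": share_post_vulnerable(forged, sessions)[0],
        "forged_hardened": share_post_hardened(forged, sessions)[0],
        "lookalike_hardened": share_post_hardened(lookalike, sessions)[0],
        "legit_hardened": share_post_hardened(legit, sessions)[0],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The forged submission succeeds against the first handler and is rejected by the second, while the site’s own form still works. The two checks are deliberately independent: the origin check alone fails on browsers that strip Referer and sends no Origin on some requests, and the token alone is only as good as the secrecy of the page that renders it. A later browser-side layer, `SameSite` cookie attributes, did not exist when this post was written but addresses the same ambient-cookie problem at the source.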
So, at least until Facebook fixes its side of the problem here, be especially careful in which buttons you decide to click, baby!
Posted on 09 February 2011. Tags: Baby, Button, Click, Don't, Facebook, worm