Modernizing Authentication — What It Takes to Transform Secure Access
Thousands of Facebook users have been victimized by a new malware scam that uses the lure of a purported "Distracting Beach Babes" video to get users to install adware on their PCs and mobile devices.
Last week, a similar scam using a thumbnail come-on to download a video titled "Candid Camera Prank" victimized Facebook members who were foolish enough to click on what they thought was a video of a young woman in a short skirt riding a bicycle.
In both cases, once a person clicks on the alleged video, he or she is taken to a rogue Facebook application that asks the user to update his or her FLV player. The application names used during this particular attack have included BluRay, Avi Video, Video Wave and 3GP, according to security software vendor Sophos.
Instead of playing the "beach babes" video, the computer or mobile device has instead downloaded and installed the Hotbar adware application and, perhaps more distressing, forwarded the risqué video scam to all of a person's Facebook friends.
According to a blog posting on the Sophos security software site, the video bait is posted on the walls of Facebook members, making it seems as though it were posted by someone the intended victim knows.
Sophos and other security software vendors are warning those who fell for the scam to change their Facebook password, run an antivirus scan on their PCs or mobile devices and review any and all applications that have been installed in the past few weeks.
These types of socially engineered malware traps have become common as Facebook's popularity has grown. The site now claims 400 million-plus members.
Earlier this month, Kaspersky Lab reported that Facebook has become one of the most popular targets for organized phishing syndicates looking to snare banking and credit card information from unsuspecting social networkers.
Facebook officials were not immediately available for comment.
Because of its size and the inherent danger of having so many people infected by a virus or malware in such a short period of time, some security pundits are asking Facebook to step up and improve its overall approach to member security.
"Isn't it time that Facebook set up an early warning system on their network, through which they can alert their almost 500 million users about breaking threats as they happen," said Graham Cluley, a senior technology consultant at Sophos. "Imagine just how many people could have been protected if a simple message had appeared on all users' screens warning them of the outbreak."
Cluley pointed out that Facebook's security page does have 1.8 million fans, but as of Monday morning, the page hadn't mentioned either of the two racy video come-ons.
"Facebook needs to work harder both at preventing these kind of attacks from happening, and also better coordinating its response when an outbreak occurs," he added. "Unless something is done, I wouldn't be surprised at all if there was another widespread attack this coming weekend impacting thousands of Facebook users."