By Scott M. Fulton, III August 21, 2009
In the Internet equivalent of the old "whack-a-mole" game, Trend Micro researcher Rik Ferguson -- who helped call attention to the Conficker worm early on -- has this week been calling attention to rogue Facebook applications whose main purpose appears to be collecting users' passwords. Using the usual attention-grabbing headings to lure users (repeating the word "sex" is apparently still effective), these apps redirect users to what looks like a legitimate login page, making them believe they need to log into Facebook again. The innocuous names lead users to think they point to real Facebook functions like "inbox," rather than to third-party apps. When a user clicks on one of them thinking he's using a part of Facebook, the malicious app takes him to a Facebook login screen, collecting his password in the meantime.

Ferguson first noticed the problem on Monday, with two innocuous-seeming apps simply called "Posts" and "Streaming," installed by means of a notification labeled "sex sex sex and more sex." The trick, he believes, is accomplished by redirecting users to a page hosted on the domain "fucabook.com," which his research has found to be hosted within Amazon's EC2 cloud. That URL might appear in the user's browser window while the page's built-in JavaScript is running, but the slight difference in spelling might not stay in the address bar long enough to be noticed. That's because the refresh attribute in the malicious page's meta element has the browser refresh itself almost immediately, pulling up the real Facebook login page.
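The near-instant meta-refresh bounce described above leaves a recognizable trace in the page source. The following defender-side check, added here as an example and not part of the article or Trend Micro's research, parses fetched HTML for `<meta http-equiv="refresh">` tags and flags any that fire within a couple of seconds and send the browser to a different host; the sample HTML and domain names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class MetaRefreshFinder(HTMLParser):
    """Collect (delay_seconds, target_url) from every meta refresh tag."""

    def __init__(self):
        super().__init__()
        self.refreshes = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("http-equiv", "").lower() != "refresh":
            return
        # content looks like "0;url=https://host/path" or just "5"
        delay_part, _, url_part = a.get("content", "").partition(";")
        try:
            delay = float(delay_part.strip() or 0)
        except ValueError:
            delay = 0.0
        url = url_part.strip()
        if url.lower().startswith("url="):
            url = url[4:].strip().strip("'\"")
        self.refreshes.append((delay, url))


def suspicious_refreshes(html, page_host, max_delay=2.0):
    """Return refreshes firing within max_delay seconds that leave page_host."""
    finder = MetaRefreshFinder()
    finder.feed(html)
    hits = []
    for delay, url in finder.refreshes:
        # A relative URL (no hostname) stays on the same host and is not flagged.
        target_host = urlparse(url).hostname or page_host
        if delay <= max_delay and target_host.lower() != page_host.lower():
            hits.append({"delay": delay, "target": url, "target_host": target_host})
    return hits


# Constructed sample: a lookalike host bouncing straight to a real-looking login page.
SAMPLE_HTML = (
    '<html><head><meta http-equiv="refresh" '
    'content="0;url=https://www.example-login.test/login.php"></head>'
    "<body>Loading...</body></html>"
)

if __name__ == "__main__":
    for hit in suspicious_refreshes(SAMPLE_HTML, "lookalike.example.test"):
        print(f"cross-host refresh after {hit['delay']}s -> {hit['target']}")
```

Run over the page served by a suspect link, a zero-delay refresh to another host is the signal to look for; a long delay or a same-host refresh is ordinary and is not reported.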
Read more here -->Link