Huge 'sexiest video ever' attack hits Facebook
'Stunning' attack targeted Internet Explorer users, planted adware on victims' PCs
Computerworld - A huge attack by a rogue Facebook application last weekend infected users' PCs with popup-spewing adware, a security researcher said Monday.
On Saturday, AVG Technologies received more than 300,000 reports of the malicious Facebook app, said Roger Thompson, AVG's chief research officer. AVG came up with its tally by counting the number of reports from its LinkScanner software, a free browser add-on that detects potentially poisoned pages.
"It was stunning, really, the number," said Thompson in an interview via instant message late Monday. "And stunning that it was not viral or wormy [but that] Facebook did it all by itself."
The volume of reports on Saturday's rogue Facebook software was highest during the nine-hour period between midnight and 9 a.m. Eastern, with spikes of approximately 40,000 per hour coming at 7 a.m. and noon. For the day, AVG received more than 300,000 reports, triple that of AVG's second-most-reported piece of spyware.
According to Thompson, Facebook eradicated the rogue application about 15 hours after the attack started. Facebook's only acknowledgment of the attack came on its security page, where a "Tip of the Week" Monday morning read: "Don't click on suspicious-looking links, even if they've been sent or posted by friends."
But other security firms also noted the attack. Both U.K.-based Sophos and U.S. security company Websense dubbed the attack "Sexiest video ever," based on the message that appeared on Facebook users' walls, seemingly from their Facebook friends.
Clicking on the link lead users to a Facebook application installation screen, where users were asked to allow the software to access their profiles and walls. Once approved, the application claimed that users had to download an updated version of FLV Player, a popular free Windows video player.
The download was nothing of the sort, but instead the notorious Hotbar adware, a toolbar that inserts itself into Internet Explorer, then starts displaying pop-up ads and links.
The attack spread as the malicious Facebook app posted the same "Sexiest video ever" message on the walls of victims' friends.
According to Thompson, the massive attack demonstrates the power of large social networking sites.
"Facebook is very responsive to threats when we identify them, and removing these applications as soon as they find them, but they're still able to generate huge traffic, just because of the viral nature of social networks," he said in a statement earlier Monday. "It is staggering how many threats were propagated before they were stopped."
Criminals have recognized the value of abusing Facebook to spread adware, launch identity theft attacks or plant malware on users' PCs. Kaspersky Lab, for example, recently estimated that almost 6% of all identity theft attacks originated from Facebook in the first three months of the year, putting the site in fourth place behind PayPal, eBay and the London-based bank, HSBC.
"This was the first time since we started monitoring that attacks on a social networking site have been so prolific," Kaspersky's report said.
Websense offers a free tool called Defensio that, among other things, protects Facebook pages against spam, unwanted URLs and malicious content.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Web Apps in Computerworld's Web Apps Topic Center.
- The DDoS Threat Spectrum Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Need to Replace MS Threat Management Gateway? Read this article to learn how F5's Secure Web Gateway solution provides a full set of features that can help you successfully migrate...
- The Shortfall of Network Load Balancing Applications running across networks encounter a wide range of performance, security, and availability challenges as IT department strive to deliver fast, secure access...
- Leave No App Behind with Software Defined Application Services F5 Software Defined Application Services (SDAS) is the next-generation model for delivering application services that enables service injection, consumption, automation, and orchestration across...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Web Apps White Papers | Webcasts