Facebook: Paradise for Rogues
Facebook is turning out to be a "Virus Paradise". Its so easy to trick the users that even after continuous awareness from facebook and other security sites these bad guys are able to achieve what they need.The never ending story of malicious attacks is getting better everyday. The trouble is these guys are good advertisers and always come out with new innovative ideas that makes every user anxious and excited to try something new. In present situation try to avoid anything that makes you feel anxious to know what is after that click. The latest one that seems to have already infected many facebook users reads:
"OMG The World's Worst Mcdonald Customer (Shocking Video and music..see more..)" followed by a shortened link as below..
or,
“The Truth Behind McDonald’s” and “McDonald Shocking Video”
Or,
“OMG! I cant BELIEVE a WOMAN found THIS in her McDonalds Nuggets! WTFF!! >> [link to content],” or “Holy CRAP! I just saw your MOM in this VIDEO!!!!”.
Clicked on it....What Happens Next?
i) It'll ask your permission to post on your Wall (it may also ask you confirm that you are 18 years old), access your data at any time, access your contact information and your list of friends, amongst other things.
ii) Though it is sensible to cancel out of this at this time but sadly there are still users who would be so anxious to watch the video that would grant the permission
Permission granted...
iii) Hurray..you have just handed over the control to the rogue facebook app.
iv) Next the same message will be posted on your wall thus completing the cycle again. From next time onwards you do not even have to worry about your status updates..it'll be automatically sent out by the rogue..
This overall process is called Clickjacking. Once the link is clicked, the attack then tricks victims into making a series of additional clicks, which give the attackers the ability to spam the malicious content on the victims wall.
So far, these attacks primarily have been used to promote Cost Per Action (CPA) affiliate programs, which helps the attackers to earn dollars in exchange for completed surveys or other traffic driven actions. Weaponizing or activating these attacks is fairly trivial, so you should proceed with extreme caution when clicking links that appear to be from friends on social networks.
It is possible you might have made a mistake or got lured by the rogue. But the most important thing now is how to get rid of rid and protect your privacy. The Facebook security team is doing a great job. It doesnt take much time for the facebook security team to block the fake ones but not fast enough to save the first 10,000 users. I have added a quick guide and steps to get rid of the rogue in my technical blog. Please click to see the removal process..XsTechx
Bahrain
Australian
Malaysian
Chinese
Spanish
Monaco
Turkish
Canadian
British
German
Hungarian
Belgian
Italian
Singapore
Japanese
Korean
Brazilian
Abu Dhabi