A worm that spreads through Facebook by using the news feed has been detected.

Roger Thompson, chief research officer for AVG, claimed that the worm works by infecting one user and using their profile page and news feed to show a scantily-clad woman. If you click the picture you are taken to the attack website where you are asked to click a button to "see something hot".

By clicking on the button, your profile and status are updated to show the scantily clad girl, and thereby entice all your friends to the same page.

“The attack is what's known as Cross Site Request Forgery (CSRF), which is a pretty tricky attack, but the basic idea is that a malicious site tricks the innocent site into doing something it didn't intend to, such as, in this case, updating the victim's profile and status with the malicious link.”

AVG emerging threats researcher Nick Fitzgerald said: “For those unfamiliar with Facebook, the thumbnail of the worm's infective page is a link to the page. The worm's objective, of course, is that others viewing the victim's wall will click the link, and as they are logged into Facebook, the worm will propagate its link to that victim's wall, and so on.”

Thompson further claimed that this was something "best fixed by Facebook", but the interesting question is what other pages are using the same attack. He also queried how many other people have been using the attack without being so obvious about it.

“When your profile suddenly starts luring your friends and family to porn sites, that tends to stand out, but one wonders what else might have been happening with more subtlety. The worst hack is always the one you don't know about,” said Thompson.

See original article on scmagazineuk.com
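As an added illustration (not part of the original article, and not Facebook's code), the Python sketch below shows the kind of server-side check that stops a forged cross-site status update like the one described above: the request must come from the site's own origin and carry a token bound to the logged-in session. The origin, key, field names and sample requests are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions for this sketch: the site's own origin and a server-side secret.
SITE_ORIGIN = "https://social.example"
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id):
    """Token bound to the session; embedded only in forms the site itself serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers):
    """Compare Origin (or Referer as a fallback) with the site's own origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # refuse state-changing requests that carry neither header
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def accept_status_update(request):
    """Decide whether a POST that changes the user's status may proceed."""
    session_id = request.get("cookies", {}).get("session")
    if not session_id:
        return False, "not logged in"
    if not same_origin(request.get("headers", {})):
        return False, "cross-site request"
    supplied = request.get("form", {}).get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"


# Constructed sample requests (not captured traffic).
SESSION = "sess-1234"
GENUINE = {  # form served by the site, so it carries the session's token
    "cookies": {"session": SESSION},
    "headers": {"Origin": SITE_ORIGIN},
    "form": {"status": "hello", "csrf_token": issue_csrf_token(SESSION)},
}
FORGED = {  # browser attaches the cookie, but the page is another site's
    "cookies": {"session": SESSION},
    "headers": {"Origin": "https://attacker.example"},
    "form": {"status": "see something hot"},
}
```

The forged request is rejected even though the browser sent a valid session cookie with it, which is the property a CSRF defence needs.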