Fortinet, the pioneer and leading provider of unified threat management (UTM) solutions has detected a malicious Facebook worm that is trying to leverage Google Reader (an application for organizing and accessing your most visited websites) to gain trust in visitors so that they download a malicious codec onto their machines. How? A malicious video is distributed through the Facebook worm and then attempts to 'socially engineer' trust by redirecting out of Facebook to a Google Reader site.
Fortinet has notified both Facebook and Google, and posted the following advisory on its FortiGuard Center: http://fortiguardcenter.com/...
Guillaume Lovet, Senior Manager at Fortinet's FortiGuard Global Security Research Team, advises the following 'Top Five Tips' to avoid becoming a victim of this potentially devastating attack:
1. Beware of messages with a link inside.
2. If you do detect any such messages, ask yourself if the message you're reading is from who it claims to be. It is actually very easy to separate messages that are from people you know, and imitators, as worms cannot imitate people's own style of writing.
3. Be vigilant about video content. A lot of social engineering sleight of hand used by social networking sites rely on teasing the victim into watching a video. Keep in mind that online videos share a very common format (i.e. Flash), so if you can normally see flicks on youtube or dailymotion, you won't ever need any additional plugin or codec. Most importantly: codec which come in the form of executable setup files are, in this context, Trojans.
4. Don't browse the Web with a system that's not up-to-date with security updates. Often, those malicious end-points carry some web-browser exploits that will actually push the Trojan onto your system without your knowledge, let alone your interaction. This won't happen if your browser is up-to-date. You may prefer alternate browsers for that purpose, hence reducing the exploit surface in your technology.
5. If you have already been fooled by the virus, antivirus protection may very well save you. Note that a combination of antivirus and Web content filtering would create stronger protection, as if the malicious site is blacklisted on the Web filtering part, antivirus may not be needed to make the attack fail. However, it is always good to have both due to the ever increasing sophistication of threats.
Fortinet has notified both Facebook and Google, and posted the following advisory on its FortiGuard Center: http://fortiguardcenter.com/...
Guillaume Lovet, Senior Manager at Fortinet's FortiGuard Global Security Research Team, advises the following 'Top Five Tips' to avoid becoming a victim of this potentially devastating attack:
1. Beware of messages with a link inside.
2. If you do detect any such messages, ask yourself if the message you're reading is from who it claims to be. It is actually very easy to separate messages that are from people you know, and imitators, as worms cannot imitate people's own style of writing.
3. Be vigilant about video content. A lot of social engineering sleight of hand used by social networking sites rely on teasing the victim into watching a video. Keep in mind that online videos share a very common format (i.e. Flash), so if you can normally see flicks on youtube or dailymotion, you won't ever need any additional plugin or codec. Most importantly: codec which come in the form of executable setup files are, in this context, Trojans.
4. Don't browse the Web with a system that's not up-to-date with security updates. Often, those malicious end-points carry some web-browser exploits that will actually push the Trojan onto your system without your knowledge, let alone your interaction. This won't happen if your browser is up-to-date. You may prefer alternate browsers for that purpose, hence reducing the exploit surface in your technology.
5. If you have already been fooled by the virus, antivirus protection may very well save you. Note that a combination of antivirus and Web content filtering would create stronger protection, as if the malicious site is blacklisted on the Web filtering part, antivirus may not be needed to make the attack fail. However, it is always good to have both due to the ever increasing sophistication of threats.
