F-Secure says a “significant” Facebook-based attack is in progress, and the victims are both Windows AND Mac users.

The security vendor posted the following in its lab blog:

There’s a significant Facebook malware attack occurring at the moment. The attack is spreading virally using Facebook’s “Like” feature — a method well established by rogue Cost Per Action (CPA) marketing affiliates. But unlike CPA spam that redirects to deceptive ads, this “viral video” is linking to a Lithuanian server that serves up Windows and/or Mac malware.

This is the first time we’ve seen malware using “viral links”. (Stuff such as Koobface uses phishing and compromised accounts.) The bait uses the following subject lines: “oh shit, one more really freaky video O_O” and “IMF boss Dominique Strauss-Kahn Exclusive Rape Video – Black lady under attack!” and points to a subdomain on “newtubes.in”.

When testing the link from Germany, Finland, France, India and Malaysia, we were safely redirected to youtube.com. Testing from the USA and UK offered up Mac scareware or Windows malware depending on our browser user agent IDs.

The attack is GEO-IP as well as OS aware.

And though this attack started more than 16 hours ago, Facebook does not yet block links to newtubes.in even though the subject text and the root domain have remained unchanged during that time. This could be due to the fact the attack is utilizing Facebook “Likes” rather than posting links to users’ Walls which can be more easily filtered by Facebook’s security team.

Or perhaps they’re still catching up on their post-Memorial Day holiday e-mail.

This stuff has become all too familiar in recent months. On Facebook, I’m seeing spam postings every day on friends’ walls, and the messages are getting more clever all the time.
The bad guys started with messages that promised sexual content, then they started telling users a click of the link would show them who is defriending them and other things that target our vanity. And, as we’ve been reporting lately, Mac users are increasingly under the gun. In the last week alone, two of my friends contacted me to say they had been hit with the “Mac virus” and asked what they needed to do about it.

I’m not used to getting that question from Mac users. The lesson is the same as always, though: If you see a headline and link promising to show you who is doing what to your social networking profiles, treat it like the porn and “make-money-fast-and-easy” material. Avoid it, and send your friend a message about what someone has posted in their name.

–Bill Brenner