‘Significant’ Facebook attack doesn’t care if you’re a PC or a Mac

News
Jun 01, 2011 · 3 mins
Data and Information Security

F-Secure says a “significant” Facebook-based attack is in progress, and the victims are both Windows AND Mac users.

The security vendor posted the following in its lab blog:

There’s a significant Facebook malware attack occurring at the moment.

The attack is spreading virally using Facebook’s “Like” feature — a method well established by rogue Cost Per Action (CPA) marketing affiliates. But unlike CPA spam that redirects to deceptive ads, this “viral video” is linking to a Lithuanian server that serves up Windows and/or Mac malware.

This is the first time we’ve seen malware using “viral links”. (Stuff such as Koobface uses phishing and compromised accounts.)

The bait uses the following subject lines: “oh shit, one more really freaky video O_O” and “IMF boss Dominique Strauss-Kahn Exclusive Rape Video – Black lady under attack!” and points to a subdomain on “newtubes.in”

When testing the link from Germany, Finland, France, India and Malaysia, we were safely redirected to youtube.com. Testing from the USA and UK offered up Mac scareware or Windows malware depending on our browser user agent IDs.

The attack is GEO-IP as well as OS aware.

And though this attack started more than 16 hours ago, Facebook does not yet block links to newtubes.in even though the subject text and the root domain have remained unchanged during that time. This could be due to the fact the attack is utilizing Facebook “Likes” rather than posting links to users’ Walls which can be more easily filtered by Facebook’s security team.

Or perhaps they’re still catching up on their post-Memorial Day holiday e-mail.

This stuff has become all too familiar in recent months. On Facebook, I’m seeing spam postings every day on friends’ walls, and the messages are getting more clever all the time. The bad guys started with messages that promised sexual content, then they started telling users a click of the link would show them who is defriending them and other things that target our vanity.

And, as we’ve been reporting lately, Mac users are increasingly under the gun. In the last week alone, two of my friends contacted me to say they had been hit with the “Mac virus” and asked what they needed to do about it.

I’m not used to getting that question from Mac users.

The lesson is the same as always, though: If you see a headline and link promising to show you who is doing what to your social networking profiles, treat it like the porn and “make-money-fast-and-easy” material.

Avoid it, and send your friend a message about what someone has posted in their name.

–Bill Brenner
