Aug 29, 2013

    Beware malware posing as FB video

    A MALICIOUS piece of software masquerading as a Facebook video is hijacking users' Facebook accounts and Web browsers, according to independent Italian security researchers who have been investigating the situation.

    The malware appears as a link in an e-mail or Facebook message telling people they have been tagged in a Facebook post. When users go to Facebook and click on the link, they are sent to another site and prompted to download a browser extension or plug-in to watch a video, said Mr Carlo De Micheli, one of the researchers.

    Once that plug-in is downloaded, the attackers can access everything stored in the browser, including accounts with saved passwords.

    Mr De Micheli said the malware has been spreading at a rate of about 40,000 attacks an hour and has so far affected over 800,000 people using Google's popular Chrome browser. It is replicating itself primarily by hijacking victims' Facebook accounts and reaching out to their friends.

    A user hit by the malware cannot easily remove it, since it blocks access to the browser settings that let it be removed and also blocks access to many sites that offer virus-removal software.

    A spokesman for Google said the firm is aware of the attack and has already disabled the browser extensions that allowed it.

    Facebook said its security systems had also detected the attack and it was working to clear the malicious links.

    But Mr De Micheli said the attackers were adapting the malicious code and had already found a way to target users of Firefox, another popular browser.

    He added that browser makers should do a better job of warning users that installing a plug-in, like installing a smartphone app, can give the software access to a wide variety of personal information.

    NYT