Super smart social threats running wild

gallery

ANALYSIS A number of developments this week have not only confirmed scams on social sites are massively widespread, they’ve established the cyber criminals behind them are getting awfully clever.

As almost every security expert under the sun predicted towards the end of last year, social networks are getting cluttered with scammers looking to make an easy buck.

Trojan.FakeAV.LVT takes social engineering to a whole new level by presenting the user with extremely convincing scenarios at each stage of the process.

Those experts may not have banked on such sophistication, however. Today, BitDefender released info on what may be the smartest piece of social engineering seen yet.

It leverages two Web 2.0 services – YouTube and Facebook – to trick users into downloading malware.

Known as Trojan.FakeAV.LVT, it attempts to trick Facebook users into believing a video about them has been posted on YouTube.

Simple, no? But here’s where the cyber criminals get cunning, as they’ve managed to add comments to supplement the video which appear to be from the target’s Facebook buddies.

The video itself even has the target's full name in the title, as spelt on their Facebook profile.

Once the target tries to watch the video, they are prompted to install what is purportedly an ‘updated version’ of Flash. Of course, the download contains nothing of the sort – it carries fake anti-virus software containing both a malware downloader and botnet capabilities to further the propagation of the threat.

The criminals’ guile doesn’t stop there. The fake anti-virus can impersonate the look and feel of 16 different legitimate security solutions currently on the market. Once installed the fake AV removes the real product and the victim is infected. Cunning stuff.

“Trojan.FakeAV.LVT takes social engineering to a whole new level by presenting the user with extremely convincing scenarios at each stage of the process,” said Catalin Cosoi, head of the BitDefender Online Threats Lab.

“Trojan.FakeAV.LVT is deceptively clever as it is capable of replicating almost any anti-virus or online security software on the market today. To guard against these cunning new threats, BitDefender recommends downloading Flash-related updates through the Adobe website, instead of through a redirect link. If you’re unsure whether the video is legitimate, it’s best to go directly to YouTube and search for the video’s existence.”

Facebook phishing frenzy and terrible tweets

Malicious hackers have been filling Facebook with their illicit ideas as well.

There was a significant rise in phishing attacks on Facebook in June, with a 4.07 per cent increase, Kaspersky pointed out this week. Facebook is now the third most phished website.

Twitter, meanwhile, has seen thousands of users compromised, with hackers trying to spread the word about a weight loss supplement. The old Acai Berry diet scam is still doing the rounds, it seems, with typical tweets reading: "Get the beach body you've always wanted, now you can with this weight loss supplement.”

Sophos said it was unclear how the accounts had actually been compromised, but nonetheless advised affected users to change their passwords immediately.

Google+ looks set to be yet another playground for hackers too.

“We expect an increase in unsolicited emails exploiting the new Google social network,” said Maria Namestnikova, senior spam analyst at Kaspersky Lab.

“They will most likely contain both phishing links and malicious code.”

If cyber criminals continue to get ever more convincing in their scams, as in the YouTube fake AV exploit above, a lot of users could be in trouble.

How should users counter these threats? The only real answer at the minute is to have decent levels of security, not just rely on heuristics-based anti-virus products, and to be aware of the kinds of tricks online crooks are capable of. There's little else that can help.

Email to a friend

Print this page