Blackhole Links to Social Media

Thursday, July 19, 2012 @ 04:07 PM gHale


Social media attacks continue to abound these days, but with manufacturing automation professionals looking to boost their presence on sites like Facebook, there needs to be a word of warning.

That is because malware infecting machines are getting users to open a malicious link in a fake Facebook email notification, security officials said.

RELATED STORIES
Breach: Change LinkedIn Password
States Hacked; Data Leaked
Hacking to Force Stronger Security
System Hacked, Victim Unaware

Everything looks legit about the alert with one big exception: the domain name for the sender’s URL is Faceboook.com, not Facebook.com, said researchers at SophosLabs.

“If you click on the link in the email, you are not taken immediately to the real Facebook website,” said Graham Cluley. “Instead, your browser is taken to a website hosting some malicious iFrame script (which takes advantage of the Blackhole exploit kit, and puts your computer at risk of infection by malware).”

Those who do click the “See Photo” button in the email are taken to the malicious site and before they can react, their browser redirects them to a random, unknowing person’s Facebook page and not the page of the person who supposedly sent the email.

Sophos said the malicious code is Troj/JSRedir-HW and is continuing to investigate.



Leave a Reply

You must be logged in to post a comment.