It's a Facebook clickjack scam

Japanese Tsunami Launches Whale Into Building? It's a Facebook clickjack scam

Amplify’d from nakedsecurity.sophos.com

Japanese Tsunami Launches Whale Into Building? It's a Facebook clickjack scam

Sick-minded scammers are up to their dirty tricks again, trying to make a quick buck out of the Japanese earthquake and subsequent tsunami which has shocked people around the world.

Many people are shocked by the TV news reports, showing the devastation wrought on the people of Japan, and some of the video footage taken by media agencies and individuals in the country is truly extraordinary.

And it is against this backdrop that scammers have launched their latest campaign.

Japanese Tsunami Launches Whale Into Building You won't believe this! Crazy Footage!

Other versions read:

GRAPHIC VIDEO.. Japans Tsunami Sends WHALE Smashing Into A Building!

Of course, this is just the latest FouTube clickjacking attack to hit Facebook, and sure enough if you click on the link you are taken to a webpage which tries to trick you into clicking (which will silently say to all of your Facebook friends that you "Like" the page).

Will you get to see a video of a whale launched into a building by the Japanese tsunami? No, of course not.

Instead, you're asked to complete a survey which earns commission for the scammers.

When I tried it, the survey attempted to tempt me with the offer of a purple iPad. Funny, I thought Steve Jobs only made them in black and white.

How to clean-up after a likejacking attack If you made the mistake of clicking on a link spread via a scam message like the ones listed above, you should check your Facebook news feed and remove any offending links that you might have spammed out to your friends. Hover your mouse over the top right hand corner of the post and you should see a small "x" which will allow you to remove it.

And if you entered your mobile phone number, you should keep a close eye on your cellphone bill and notify your carrier to prevent bogus charges from stinging you in the wallet.

Remember to be wary of any links that look like this. If you really want to watch a video chances are that it's available for free - without you having to complete any surveys - on legitimate video sites like YouTube.

Going forward, it's essential that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 60,000 people regularly share information on threats and discuss the latest security news.

We've also published some good best practices for better privacy and security on Facebook.

Hat-tip: Thanks to Naked Security readers Don, Rogi and Tripad who contacted us about this scam.

About the author Graham Cluley is senior technology consultant at Sophos. In both 2009 and 2010, the readers of Computer Weekly voted him security blogger of the year and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which is very cool. His awards cabinet bulging, he was voted "Best Security Blogger" by the readers of SC Magazine in 2011. You can contact Graham at gc@sophos.com, or for daily updates follow him on Twitter at @gcluley. View all posts by Graham Cluley Read more at nakedsecurity.sophos.com

 

See this Amp at http://bit.ly/i6MHD1

Bogus CNN video scams Facebook users

Japanese Tsunami RAW Tidal Wave Footage - Bogus CNN video scams Facebook users

Amplify’d from nakedsecurity.sophos.com

Japanese Tsunami RAW Tidal Wave Footage - Bogus CNN video scams Facebook users

Facebook users are being tricked into clicking on links which claim to be raw CNN footage of the Japanese tsunami by cold-hearted scammers - as part of a plot to earn money by driving web traffic to take online surveys.

The videos, which in the examples seen by Sophos exist on a website called spinavideo, purport to be footage of the horrifying tsunami which hit parts of Japan on Friday.

Japanese Tsunami RAW Tidal Wave Footage

Clicking on the link takes unsuspecting users to a website which pretends to be YouTube, but is in fact designed to clickjack users into unwittingly agreeing to Facebook "Like" the page (which spreads the scam virally across the social network).

Users are then tricked into taking an online survey which earns commission for the scammers. No doubt the scammers are hoping that by pretending the video footage comes from CNN, more people might be tempted to click on it.

It's a sad reflection on human nature that a series of scams have appeared since the disaster in Japan, all trying to make commercial gain out of what is a horrific human tragedy.

Remember to always get your news from legitimate news websites, and if you're hunting for a video make sure that you go to the real YouTube website rather than a replica set up by scammers.

How to clean-up after a likejacking attack If you made the mistake of clicking on a link spread via a scam message like the one listed above, you should check your Facebook news feed and remove any offending links that you might have spammed out to your friends. Hover your mouse over the top right hand corner of the post and you should see a small "x" which will allow you to remove it.

And if you entered your mobile phone number, you should keep a close eye on your cellphone bill and notify your carrier to prevent bogus charges from stinging you in the wallet.

Remember to be wary of any links that look like this. If you really want to watch a video chances are that it's available for free - without you having to complete any surveys - on legitimate video sites like YouTube.

Going forward, it's essential that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 60,000 people regularly share information on threats and discuss the latest security news.

We've also published some good best practices for better privacy and security on Facebook.

Hat-tip: Thanks to Naked Security reader Kara who contacted us about this scam.

About the author Graham Cluley is senior technology consultant at Sophos. In both 2009 and 2010, the readers of Computer Weekly voted him security blogger of the year and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which is very cool. His awards cabinet bulging, he was voted "Best Security Blogger" by the readers of SC Magazine in 2011. You can contact Graham at gc@sophos.com, or for daily updates follow him on Twitter at @gcluley. View all posts by Graham Cluley Read more at nakedsecurity.sophos.com

 

See this Amp at http://bit.ly/fZWbRf

Fake Android Market Security tool

Fake Android Market Security tool delivers more than just a cure for Droid Dream malware

Amplify’d from nakedsecurity.sophos.com

Fake Android Market Security tool delivers more than just a cure for Droid Dream malware

Only a couple of days after Google published its Android Market Security Tool - that removes all malicious applications infected with Droid Dream malware and prevents their installation - a malicious version of the tool appeared on alternative Chinese application markets.

The Trojanized version of the tool is packaged with open source Java code taken from a project hosted on Google's own online source code repository. The project includes functionality to send MMS messages in the background, for example, when the device boots up.

A suspicious user will immediately notice the difference between the fake and the real Android Market tool if they check the permissions required at installation.#

While the original tool only requires three permissions, the Trojanized version requires additional permissions for "Services that cost you money" as well as the device location.

Another difference is in the version number of the package. The original Google tool version is 2.5 while the fake tool's development is lagging behind a little, being "only" on version 1.5.

The latest attack does not affect Android Market but there may be many people, especially in China, happy to install a free Google's tool which will protect them against attacks by a malware family.

An attack pattern of creating a fake security tool that detects non-existing threats is very common in PC world and already brings a lot of income for cybercriminals.

Judging by the popularity of Android devices and the recent increase in malware attacks, it may be just a matter of time before we start seeing highly suspicious products like Antivirus Android 2012 on the market.

Personally, I think that the ability to install non-market applications and ability to create third party application markets was a mistake for Google's Android team from the security point of view. This path is leading us to Windows-like threat levels.

Sophos products detect the fake Android Market Security tool as Troj/Bgserv-A.

About the author Vanja is a Principal Virus Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and malware for mobile devices. Vanja is always ready for a good discussion on various security topics. View all posts by Vanja Svajcer Read more at nakedsecurity.sophos.com

 

See this Amp at http://bit.ly/g3drp8

Update your Apple devices to iOS 4.3

Update your Apple devices to iOS 4.3, or risk malicious code attacks

Amplify’d from nakedsecurity.sophos.com

Update your Apple devices to iOS 4.3, or risk malicious code attacks

Apple has released iOS 4.3, the latest version of its operating system for iPhones, iPads and the iPod touch.

Although some will be excited by the promise of faster performance from Safari, better video streaming and the thought of sharing their iTunes library over WiFi around the home, perhaps the most important reason to install the update onto your Apple gadgets is security.

According to Apple, the new iOS 4.3 update includes a number of critical security patches - some of which are designed to prevent vulnerabilities being exploited that could lead to malicious code being run on your iPhone or iPad.

Details of the security fixes are included in an Apple knowledgebase article, and include protecting against maliciously-crafted TIFF image files that could be used to run malicious code on your device, and multiple memory corruption issues exist in WebKit, which could mean that visiting a boobytrapped website could lead to unauthorised code being executed.

These are, of course, the kind of vulnerabilities that have been exploited by malicious hackers and virus writers in the past and would present a way to deliver code to a non-jailbroken iPhone that did not involve entering via the official iPhone App Store.

There is no indication that these vulnerabilities have been exploited in the wild, but it would nevertheless be prudent to defend against them by installing the operating system patch to your iOS devices. Especially now that details of the security holes are known to the computer underground.

Bad news for iPhone 3G owners There's bad news though for users of older Apple devices, however. The iOS 4.3 update is only compatible with the iPhone 3GS and later and the iPod touch 3rd generation and later. (It works on the original iPad, and the imminent iPad 2)

So if you have an earlier iPhone or iPod touch your device is probably vulnerable to attacks which exploit these security holes, and there is no official patch available for you to protect yourself. That's bad news for the many people who still have an iPhone 3G, for instance.

If you were looking for an excuse to upgrade your iPhone or iPod touch - maybe you've just been given a good one by Apple. But if you were happy with your iPhone 3G, I doubt you're feeling too good about having to reach into your pocket.

Apple customers can download the iOS 4.3 update via iTunes, and more information about the update can be found on Apple's website. Read more at nakedsecurity.sophos.com

 

See this Amp at http://bit.ly/gq5L6E