More than one hundred and ten thousand Facebook users have been infected by a serious virus. The virus tricks users into believing they are installing a Flash update, when it is really infecting the computer with a Trojan that lets its creator take control of the machine.
While we see social engineering attacks and breaches through Facebook every day, some more violent than others, this one is notable for its massive scale and for the way it deceived Facebook users. The Trojan spreads via links to a pornographic video: it posts from the account of a previously infected Facebook user and then tags almost fifteen to twenty of that user's Facebook friends.
Once the target is lured in and clicks on the video in the post, they get a preview of the porn video, which stops and then asks them to download a fake Flash player. Once the fake Flash player is downloaded and executed, the user's system is infected.
Image Source: Google Images – Actual video that is infected with the Trojan virus showing the flash player update
The malware was discovered by Mohammad Reza Faghan, an internet security researcher who also specializes in security related to social media.
“We have been monitoring this malware for the last two days where it could infect more than 110 thousand users only in two days and it is still on the rise. This malware keeps its profile low by only tagging less than twenty users in each round of posts,” said Mohammad Reza Faghan.
Faghan further explained that a typical Trojan created especially for online social networks would send messages on behalf of the victim to a number of the victim’s friends. Upon infection of those people, the malware could only go one step further and infect the friends of the initial victim’s friends.
Image Source: Google Images – Software update windows showing the deceptive flash player update
On the other hand, this virus uses a new technique which we call “Magnet”: the malware gets more visibility among potential victims because it tags the victims' friends in a malicious post. This leads to the hijacking of the Facebook account so that the malware can post in their name.
“The Trojan tags the infected user’s friends in an enticing post. Upon opening the post, the user will get a preview of a porn video which eventually stops and asks for downloading a (fake) flash player to continue the preview,” explains Mohammad Faghan.
Thomas George, another social media security expert from Check-N-Secure, explains further that this idea comes from epidemiology, where it is known as the basic reproduction number or R-Nought: the number of people each victim is likely to infect. An attack with an R-Nought of less than one (for instance, a massive hit-and-hope spam email campaign) is likely to die out on its own unless more emails are sent, because the users are not infecting each other at the same time. However, anything with an R-Nought of more than 1 can spread of its own accord, because more victims are being claimed without further effort from the attackers. Here, each infected user is spreading the Trojan to more than fifteen people, or friends to be precise. This causes an enormous problem in stopping the spread and, more importantly, in cleaning up the users who have fallen into this trap. Due to the scale and interconnectivity of Facebook, this is potentially a fatal flaw.
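The R-Nought threshold described above can be checked numerically. The following is an added example, not part of the original article or of either researcher's work: it models each infected account as tagging a fixed number of friends, each of whom installs the fake player with some probability. That per-tag probability and all function names are assumptions made for illustration.

```python
# Added illustration: a branching-process model of tag-driven spread.
# Assumption: every infected account tags `tags_per_post` friends and each
# tagged friend is infected independently with probability `p_infect`.

def r_nought(tags_per_post: int, p_infect: float) -> float:
    """Expected number of new victims produced by one infected account."""
    return tags_per_post * p_infect

def expected_infected(r0: float, generations: int) -> float:
    """Expected cumulative victims after n rounds, starting from one seed."""
    return sum(r0 ** g for g in range(generations + 1))

def extinction_probability(tags_per_post: int, p_infect: float,
                           iterations: int = 10_000) -> float:
    """Probability that the outbreak dies out with no outside intervention.

    The number of new victims per account is Binomial(tags, p), whose
    generating function is f(s) = (1 - p + p*s) ** tags. The extinction
    probability is the smallest fixed point of f on [0, 1], which is
    reached by iterating f starting from 0.
    """
    q = 0.0
    for _ in range(iterations):
        q_next = (1 - p_infect + p_infect * q) ** tags_per_post
        if abs(q_next - q) < 1e-12:
            return q_next
        q = q_next
    return q

if __name__ == "__main__":
    # Constructed scenarios: 20 tags per post, two hypothetical install rates.
    for p in (0.04, 0.10):
        r0 = r_nought(20, p)
        print(f"p={p:.2f}  R0={r0:.2f}  "
              f"expected victims after 10 rounds={expected_infected(r0, 10):.1f}  "
              f"P(dies out)={extinction_probability(20, p):.3f}")
```

With twenty tags per post, the model crosses R-Nought = 1 once more than one tagged friend in twenty installs the fake player, which is why reducing that install rate matters more than chasing individual posts.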
#Facebook has a #porn #virus and it's spreading like STD. pic.twitter.com/cH674nSZAH
— Anon.Dos (@anondos_) February 4, 2015
Facebook's been hacked by a porn virus. So until this clears up, don't poke anybody without a condom.
— Stephen Colbert (@StephenAtHome) November 16, 2011
So the question comes to mind: why porn, and why Facebook? A regular porn user will not go to Facebook or any other social media site for that purpose, because Facebook and most other social media platforms do not allow such content on their servers. However, a hacker with good knowledge of these websites will use three basic mediums on Facebook to create their own loopholes in this rule.
First and foremost, content on Facebook spreads like wildfire, and the limited number of employees working for Facebook makes it too slow to follow up. As a hacker's rule, the first four hours of a phishing attack are the most lethal ones, mainly because people only use Facebook when they want to update a status or when a notification pops up. A massive audience is therefore bound to see the fake message or post within minutes of receiving the notification. This limits the ability of Facebook's security staff to check the problem.
Secondly, people have subconsciously started trusting Facebook a lot, because of its vast popularity and the fact that it has been around for almost ten years. This sets Facebook apart from other websites on the internet and makes it difficult for the general population to understand that the websites linked to on the network are hosted externally, and that porn videos posted there are no less likely to carry malware or viruses than those found elsewhere.
To stop this massive attack, or if you think that you have been infected, simply follow the steps below:
- Scan your system with Hitman Pro (http://www.surfright.nl/en/hitmanpro/cyscon-en). It complements your existing antivirus program and focuses on deleting malware and Trojans.
- Install an auto-updater, CSIS Heimdal Security Agent (https://heimdalsecurity.com/en/). This software constantly searches for new updates for your system and installs them automatically.
- Switch your operating system updates to “on”. These updates contain security patches that help your operating system detect potential threats and then delete them. They also enhance the protection software or antivirus installed on your machine.
If possible, purchase a professional antivirus system, and make sure that the background checker is active and the antivirus is kept up to date so that the time between updates is short. The higher the level of protection, the safer you are.
Source:
http://seclists.org/fulldisclosure/2015/Jan/131
http://rt.com/usa/228743-facebook-magnet-trojan-porn/
How stupid you gotta be to download a Flash update coming from a porn video? Seriously, I’ve made this mistake just once when I was 13…
Wtf, you are 13 and you watch porn, where is the world going?
ME CAPTAIN CAVE MAN, ME NO APPROVE WATCH OF PORNO
That’s why facebook users open and install the virus, because they are 13 years old. Or the old people who don’t know how facebook works…
How did Stephen Colbert report on this @ 10:03AM November 16, 2011???
Great question…
Good question
#HeDidIt.
I have seen many such links which tagged my friends
I don’t know if it means anything, but a couple of days ago this happened to me. However, it was NOT on a porn site. When it wanted to update my Flash player, I happened to know that I had the most current version. I backed out of there. It was definitely NOT a porn site.
Are you sure it wasn’t a porn site?
It’s ok to browse porn.
fuck porn
Dianne, the fact that you had to mention it twice means it probably was a porn site haha….I don’t understand your concern though, it is a perfectly normal thing for anyone to watch and nobody can pass judgement since practically everyone does/has done it.
Well, I swear how can someone be so stupid as to click on a porn video on Facebook and then download a “Flash Player”. I mean a normal person would most likely think that your preacher wouldn’t tag you in a Porn video. LMAO!
It’s not a Trojan if it allows control over a PC, then it’s a RAT, or a Remote Admin Tool (I’ve made some of these…)
Don’t know what happened with people
who like to watch porn even on FB
Come on guys… I’m not grammar nazi, but the English in this article is absolutely dreadful at times. It’s nearly painful to read.
As it turns out you are indeed a fucking grammar nazi