Hi folks,
Over the weekend, a friend of mine, Gadi Evron noticed a Facebook worm. He wrote about it here, and Nick FitzGerald also wrote about it here.
I thought it was worth making a quick video about, just so folks could see how easily it worked. That video is here:
WARNING! It is R-rated, so be aware.
What happens is that if one of your friends gets infected, their profile page and their news feed show a scantily clad girl. If you click the picture, you're taken to the attack website, and it asks you to click a button to "see something hot". If you click the button, your profile and status are updated to show the scantily clad girl, and thereby entice all your friends to the same page.
The attack is what's known as Cross Site Request Forgery (CSRF). It's a pretty tricky attack, but the basic idea is that a malicious site tricks your browser, which is already logged in to the innocent site, into sending that site a request you never meant to make, so the innocent site does something it didn't intend to, such as, in this case, updating the victim's profile and status with the malicious link.
This is something that's best fixed by Facebook, and undoubtedly they'll react quickly. In the meantime, LinkScanner blocks the attack site just fine, but the really interesting question is what other pages might also be using the same attack. Late last night, Nick also found another link to the same exploitive website, but instead of being adult-themed, its hook is the popular FarmVille app.
The _really_ interesting question, however, is how many other people have been using the attack without being so obvious about it. When your profile suddenly starts luring your friends and family to porn sites, that tends to stand out, but one wonders what else might have been happening with more subtlety.
The worst hack is always the one you don't know about.
Keep safe, folks.
Roger