New Virus Attacks FacebookStaff members of the social-networking service 'Facebook' are striving hard to crush a newly found virus that is spreading across its users, as reported by Softpedia on November 24, 2009. The report states that the virus places a picture on the Facebook Wall of a victim along with an image of a woman in bikini. It also posts a message that asks victim to click on the button. Actually, any posts on Facebook Walls become accessible to friends of the person using the site. When any such friend clicks on the particular button to view the picture, it gets posted on his Facebook Wall as well. Thereafter, the friend's browser displays a web-page showing a magnified form of the picture. If the friend or user clicks on the button again, he is directed to certain porn website, says Roger Thompson, Chief Research Officer at AVG Technologies, as reported by Pcworld on November 24, 2009. Following an analysis of the worm, Nick Fitzgerald, Emerging Threats Researcher at AVG, reached the conclusion that the method employed in the assault was CSRF (Cross-Site Request Forgery), as reported by Softpedia. But Facebook staffers do not agree with the CSRF issue instead they say that it is a method called 'click-jacking,' which is technically termed as 'user interface redressing.' Click-jacking, say security experts, is related to the Web core vulnerability with which webmasters can get surfers to click on a link they actually did not want to. In such a situation, according to Fitzgerald, when the worm propagates via the click-jacking technique, Facebook could find it difficult to fix the problem adequately, as reported by Pcworld. In the meantime, the new attack reminds that it is frequently unfeasible for anyone to determine the true destination of a given web-link. In fact, reputed security advisor Gadi Evron who was earlier Manager of Israel-CERT admitted that he had his Facebook profile exhibit the picture for a short time period after he had found it on one of his friend's page, as reported by Theregister on November 23, 2009. Evidently, Evron concluded that no one should therefore be complacent or trust systems fully without verifying them. Related article: New Zealand Releases Code To Reduce Spam ยป SPAMfighter News - 12/3/2009 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
