Spam Follows Facebook’s Inadvertent Elimination Of User Accounts
A security flaw that prompted Facebook, the well-known social networking website, to inadvertently eliminate many authorized accounts during the 4th week of November 2010 was quickly exploited by online crooks, who tricked the site's users into running a malicious Trojan, M86 Security Labs reports.
Facebook confirmed on November 23, 2010 that it had discovered the flaw within its system, which, if exploited, could enable the execution of malicious operations, one of them being the erasure of accounts.
Worryingly, online crooks took advantage of the situation and distributed spam e-mails with the headers: "Facebook Service. Your account is blocked" or "Facebook Service. A new password is sent you."
Describing how the incident affected her, Facebook member Linda Sharkey stated that after she found she could not log into her account, she received an e-mail that appeared to be from Facebook. It stated that Facebook had to disable her account because she had breached a certain rule by posing as someone else or by trying to hide her original identity. Esecurityplanet.com published this on November 24, 2010.
Later, following that e-mail, another one arrived, again from Facebook, even as Sharkey denied that she had broken the website's terms and conditions. That e-mail stated that Facebook would unblock Sharkey's Web account; however, she needed to submit details of her identity to the company, including a digital copy of her government-issued ID.
Commenting on the incident, Ed Rowley, Product Manager at M86 Security, stated that it showed Facebook's vulnerability. As soon as news emerged about Facebook being hit, associated junk e-mail appeared. The spam returned with a refreshed Trojan, which connected with the C&C server and also brought the malware up to date. Rowley added that the entire episode demonstrated a fresh technique with which the malware worked. SCMagazineUK.com published this on November 23, 2010.
In advice to Web surfers following the incident, Graham Cluley, Senior Technology Consultant at the security company Sophos, said that they should always remember to remain wholly doubtful of unsolicited e-mails that simply come out of nowhere. SCMagazineUK.com reported this.
» SPAMfighter News - 07-12-2010