Scammers Using Browser Extensions to Hack Facebook Accounts
Spammers are once again attacking Facebook users through rogue browser extension as a mode for circulating malicious code, claimed researchers at Websense, web security vendor.
A message saying that the plug-in is required for enabling video content viewing on the social networking site, "facebook" is received by the used. A click to the malicious content immediately enables the downloading of the malware, which is then transferred to all the people added in the Friends' list. As a result, malware circulation is carried out incessantly at an unbelievable speed.
According to the security researcher at Websense Security labs, Elad Sharf scam pages normally apply social engineering tricks, such as through enticing videos or even free vouchers. These techniques are irresistible for victims and they are automatically motivated to install them in their browser plug-in, reports the register on 22 December 2011. Though the offers and videos are quite tempting, but one should not be under control and never commit a mistake of clicking them. These kinds of offers are generally designed to entrap a victim.
While explaining the matter, Sharf further added that the plug-in is a vital way by which the scam is multiplied and propogated incessantly by posting the victim's name on friend's pages.
As of now, researchers at Websense are only illuminated with the user's browser that is employed to disburse the rogue extensions for Mozilla Firefox or Google Chrome.
Chrome plug-in files end with a CRX file extension and Firefox plug-in files end with the XPI file extension. A script from external websites is loaded when some code is revealed by viewing thoroughly inside these nasty plug-in. The revealed code is further loaded through the browser and connected to Facebook.
As people normally check their Facebook accounts from multiple computers so, the company is likely to face a tough time compelling the users uninstalling the spiteful extensions serving their browsers.
Related article: Scammers Exploit Tax System Resulting in ID Theft
» SPAMfighter News - 31-12-2011