IC3 Cautions of Osama-Related XSS Assaults

The IC3 (Internet Crime Complaint Center) of FBI (Federal Bureau of Investigation) lately issued an alert for citizens that certain new scams were doing the rounds. Norristown.patch.com reported this on May 26, 2011.

Actually, whenever any prominent news event surfaces, Internet fraudsters typically try to exploit it. Consequently, the IC3 watches over the complaint database it prepares for determining if there's any scam. Likewise it happened with Osama bin Laden's death.

Reportedly, a related online scam has been detected as XSS (cross-site scripting). It (the scam) lets cyber-criminals to run a malware program on the attacked site via an end-user's Web-browser through values created within the attacked website's URL, forms of the web, alternatively during instances wherein websites invite visitors to post content straight away.

Highlights FBI within its security alert, lately visitors on social-networking websites have been victimized with "self" contaminating XSS assaults wherein they themselves carry out the assault via doing as directed i.e. watching the new movie on Osama bin Laden. But, prior to that, the users require doing one security check spanning 5-secs. Some shortcut keystrokes lets them to incorporate malware straight inside the URL displayed within their browser, while no indications appear that it's a malware campaign, explains FBI.

And while it's encouraging to have the FBI alert, which will expectedly aid in creating awareness on future assaults, there's hardly anything in the warning for stopping the one the advisory has already mentioned since that one happened during the early-weeks of May 2011.

Worryingly, according to FBI, these reported self-infecting XSS assaults aren't unprecedented.

Nevertheless, they have gotten to be increasingly frequent against Facebook lately, making the social-networking firm introduce filtering technology for such assaults.

Unfortunately, as Joe Sullivan, Chief Security Officer of Facebook stated, the situation was one of the cat chasing a mouse in a circle wherein immediately as the spammers devised fresh tactics, the social-networking website's team of security professionals had to adjust the safeguard systems suitably. Softpedia.com published this on May 27, 2011.

Overall, users are advised against pasting anything incomprehensible inside the address bar of their browsers as that could prove highly risky.

Related article: ICC Cup Event Could Be Fodder for Phishers

» SPAMfighter News - 6/6/2011