Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Scammers Using Browser Extensions to Hack Facebook Accounts

Spammers are once again attacking Facebook users through rogue browser extension as a mode for circulating malicious code, claimed researchers at Websense, web security vendor.

A message saying that the plug-in is required for enabling video content viewing on the social networking site, "facebook" is received by the used. A click to the malicious content immediately enables the downloading of the malware, which is then transferred to all the people added in the Friends' list. As a result, malware circulation is carried out incessantly at an unbelievable speed.

According to the security researcher at Websense Security labs, Elad Sharf scam pages normally apply social engineering tricks, such as through enticing videos or even free vouchers. These techniques are irresistible for victims and they are automatically motivated to install them in their browser plug-in, reports the register on 22 December 2011. Though the offers and videos are quite tempting, but one should not be under control and never commit a mistake of clicking them. These kinds of offers are generally designed to entrap a victim.

While explaining the matter, Sharf further added that the plug-in is a vital way by which the scam is multiplied and propogated incessantly by posting the victim's name on friend's pages.

As of now, researchers at Websense are only illuminated with the user's browser that is employed to disburse the rogue extensions for Mozilla Firefox or Google Chrome.

Chrome plug-in files end with a CRX file extension and Firefox plug-in files end with the XPI file extension. A script from external websites is loaded when some code is revealed by viewing thoroughly inside these nasty plug-in. The revealed code is further loaded through the browser and connected to Facebook.

However, scams that employ rogues, such as Facebook apps, malicious JavaScript pasted in address bars (self-XSS) or click jacking for spreading are usually brief as Facebook can easily employ necessary steps and prevent them at the server inter-phase itself.

As people normally check their Facebook accounts from multiple computers so, the company is likely to face a tough time compelling the users uninstalling the spiteful extensions serving their browsers.

Related article: Scammers Exploit Tax System Resulting in ID Theft

ยป SPAMfighter News - 12/31/2011

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page