Software // Social
News
8/8/2014
12:10 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Facebook Malware: Protect Your Profile

Malicious "Color Change" app has resurfaced on Facebook, compromising thousands of profiles. Here's what to do if you're infected.

One of Facebook's oldest scams has resurfaced, this time infecting more than 10,000 people around the world, according to Cheetah Mobile, a Chinese Internet company.

The app, called "Facebook color changer" claims it can change the color of users' profiles. The link appears to take people to apps.facebook.com/themsandcolors, but instead redirects them to a malicious phishing site.

Cheetah Mobile found that this iteration of the scam stems from an apparent vulnerability in Facebook's app page. This vulnerability lets hackers implant viruses and malicious code into Facebook-based applications, which direct users to phishing sites, it said.

[Facebook's latest changes include a number of improvements. Read Facebook Privacy: 10 Settings To Check.]

The latest version of the scam works in two ways. First, it asks users who click the link to view a color changer tutorial video. If users view the video, it steals their Facebook access tokens, which gives the hackers temporary access to the user's Facebook friends, Cheetah Mobile said.

"If a user doesn't view this video, it then tries a new way to spread the malicious software by getting consumers to download a malicious application," Cheetah Mobile explained in a blog post. If the person is using a PC, the site leads them to download a pornography video player. Android users will see a warning that their device has been infected and it prompts users to download a suggested app.

Security expert Graham Cluely said this scam continues to surface simply because people want to tweak their account -- whether it's by downloading an app to see who has looked at their profile -- another common scam, he said -- or because they want to turn it bright pink instead of "Zuckerberg blue."

"The key is to always be extremely wary of anything that tells you that you have to share the link or like something before it will let you get your hands on what they have promised," Cluely told InformationWeek. "They're using the lure of a Facebook color change as a way to spread their scam further."

What to do if you're infected
If you've already been infected by this malware, change your password immediately and remove the color changer app from your account. To change your password, visit your account settings and click the Privacy tab. Click Edit next to the Password option.

To remove the app from your account, click the Apps tab on your Settings page. Find the app under "Apps you use," and click the "x" to delete it.

You can also download free antimalware scanning software from Facebook. In May, the social network partnered with Trend Micro and F-Secure to offer this service, which alerts you when it detects that your device might be infected. If you're infected, you'll see a pop-up notification prompting you to download either F-Secure's malware scanning and cleanup technology or HouseCall from Trend Micro.

Cluely advised that all users should exercise caution when using Facebook and clicking on links. "The best protection is to clue yourself up and not be fooled by every message you see from your Facebook friends," he said. "Maybe they have already been duped."

Cyber criminals wielding APTs have plenty of innovative techniques to evade network and endpoint defenses. It's scary stuff, and ignorance is definitely not bliss. How to fight back? Think security that's distributed, stratified, and adaptive. Get the Advanced Attacks Demand New Defenses report today. (Free registration required.)

Kristin Burnham currently serves as InformationWeek.com's Senior Editor, covering social media, social business, IT leadership and IT careers. Prior to joining InformationWeek in July 2013, she served in a number of roles at CIO magazine and CIO.com, most recently as senior ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
tjgkg
50%
50%
tjgkg,
User Rank: Ninja
8/18/2014 | 2:38:52 PM
Re: What the Zuck???
I never saw MySpace but I do agree with you about FB. It does look organized to a degree. It seems to be a sequential post list like Twitter. The amount of time spent on FB is staggering judging from the amount of times my girlfriend's phone rings to notify her that another FB post has been made. Now the trend seems to be posting videos. Crazy.
tjgkg
50%
50%
tjgkg,
User Rank: Ninja
8/18/2014 | 2:34:34 PM
Re: What the Zuck???
LOL! Thanks very much.
tjgkg
50%
50%
tjgkg,
User Rank: Ninja
8/18/2014 | 11:53:57 AM
Re: What the Zuck???
Yeah I hate it when I am the one being ignored for the cat update too! Whlie I have trashed FB and other social media, there is a place for it. Unfortunately everything seems to get abused these days. It would be nice to weave FB into the interpersonal interactions that used to take place. The other good thing about FB is that all those stupid chain letters that were formerly sent by email are now in FB.
tjgkg
50%
50%
tjgkg,
User Rank: Ninja
8/18/2014 | 11:44:38 AM
Re: What the Zuck???
Yeah it is like when I was growing up and the relatives or neighbors came over with the slide projector and you had to sit through hours of travel snaps. It was really boring and I happen to love travel. I also like dogs and cats too but I have seen what is on FB and it really is a waste of time.
danielcawrey
100%
0%
danielcawrey,
User Rank: Ninja
8/11/2014 | 7:03:18 PM
Re: What the Zuck???
For whatever the criticisms people have about Facebook, the truth is that the company has been able to keep a relatively clean interface.

Remember the hodgepoge that was MySpace? It seems as though people yearn for those days to some degree, which makes this color malware a popular carrot for scammers. 
DAVIDINIL
50%
50%
DAVIDINIL,
User Rank: Strategist
8/11/2014 | 6:07:03 PM
Re: What the Zuck???
"What the Zuck".  Nicely done sir. 
elaineli1010
50%
50%
elaineli1010,
User Rank: Apprentice
8/11/2014 | 12:40:23 PM
How did they get this info?
How did this Chinese company get this information?  Access to Facebook is blocked in China.
Laurianne
50%
50%
Laurianne,
User Rank: Author
8/11/2014 | 11:38:37 AM
Re: What the Zuck???
I am waiting for some serious malware to speard through a Facebook quiz. Think of how many you see in your feed in a given day.
Gary_EL
50%
50%
Gary_EL,
User Rank: Ninja
8/9/2014 | 9:00:22 PM
Re: What the Zuck???
>> I can see people in restaurants not even interacting with each other.
>> Instead they are pecking away on their phones FB'ing their pals

I agree, and it really ticks me off when I'm the one being ignored. But, I take heart in the fact that the same person is ignoring someone else when (s)he is FB'ing with me.

But, if you work at home, FB is really great in that I can partake in gossip and other social fun even when I'm alone at home at my keyboard - like now.
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Ninja
8/9/2014 | 6:51:54 AM
Re: What the Zuck???
If the color change is an attractive lure for Facebook users then two questions come to mind. First, do the users want a color change for personal viewing pleasure or for broadcasting purposes? Second, is Facebook's concern to not give users access to color themes -- beneficial to the user or Facebook is acting in self-interest and is concerned that multiple colors would harm its brand.
Page 1 / 2   >   >>
Social is a Business Imperative
Social is a Business Imperative
The use of social media for a host of business purposes is rising. Indeed, social is quickly moving from cutting edge to business basic. Organizations that have so far ignored social - either because they thought it was a passing fad or just didnít have the resources to properly evaluate potential use cases and products - must start giving it serious consideration.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 23, 2014
Intrigued by the concept of a converged infrastructure but worry you lack the expertise to DIY? Dell, HP, IBM, VMware, and other vendors want to help.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.