Facebook Slammed By Adware Attack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Mobile & Wireless
News
5/18/2010
10:08 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Facebook Slammed By Adware Attack

A security researcher calls the weekend attack 'stunning in terms of scale.'

Lured by the promise of the "sexiest video ever," hundreds of thousands of Facebook users found their PCs infected by adware over the weekend.

Unsuspecting users clicked on a thumbnail showing a miniskirt-clad woman on an exercise bike, apparently posted on their Facebook page by a friend. Instead of seeing the video, users were told they did not have the correct software installed and were directed to download the necessary application. Then, instead of accessing video software, users downloaded popup-spewing adware, according to security software developer Sophos.

The malware uses Hotbar, a toolbar that connects to Internet Explorer and Windows Explorer, and connects users with paid ads and search engines, according to Switched. The toolbar also may gather personal data and download other updates from its server.

"You may want to watch a sexy video, but you're more likely to end up being plagued by pop-up advertising," said Graham Cluley, a senior technology consultant at Sophos, told The Economic Times. "It's no surprise that your friends might click to watch the movie when it looks to all intents and purposes that you are the person who has sent it to them."

In fact, more than 300,000 users reported the problem to AVG Technologies, said Roger Thompson, chief research officer at the developer of free anti-virus software.

"This latest issue really underscores how powerful, while at the same time vulnerable, social networking applications are. This attack was actually stunning in terms of scale,” he said. “Facebook is very responsive to threats when we identify them, and removing these applications as soon as they find them, but they’re still able to generate huge traffic, just because of the viral nature of social networks. It is staggering how many threats were propagated before they were stopped.”

Within 15 hours of the attack, Facebook removed the application, Thompson said. In a "Tip of the Week" on Monday, Facebook cautioned account-holders not to click on suspicious-looking links, even if they'd apparently been sent or posted by a friend.

This is not, of course, the first or last malware attack targeting Facebook users. In March, for example, McAfee warned Facebook users about a password-stealing phishing attack, where scammers sent emails purportedly from the social networking site, telling users their passwords had been reset and users had to click on an attachment to retrieve it. The attachment was, in fact, a password stealer that installed when clicked.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll