Facebook scam – “Twilight Breaking Dawn”

Facebook users are finding themselves tagged in their online friends’ photo albums, in an attack seemingly targeted at fans of the “Twilight” teen vampire romance movies. Following an attack against photo albums using an image of a Playboy-style bunny girl, scammers are now pretending to link to a game promoting the upcoming movie “Twilight Breaking Dawn” starring heartthrobs Robert Pattinson and Kristen Stewart as the star-crossed lovers Edward Cullen and Bella Swan.

As well as Facebook photo albums, users are also being tricked into “Liking” the scam links.

 

Play Twilight: Breaking Dawn

Be the first of your friends to play the awesome new Twilight game on Facebook!

 

If you click on such a link then you will be taken to a Facebook page which to all intents and purposes appears to promote an online game, being used to market Twilight Breaking Dawn. But if you click on the button marked “Play Now” then you will be clickjacked into saying you “Like” the link, thus spreading the link virally to your Facebook friends.

 

If you’re running protection against clickjacking, such as the Firefox add-on NoScript, then you will be warned – but most people are probably unaware that the page has secretly claimed that they like the game, even though no game has yet been played! The scam doesn’t end there, however, as that would simply spread the link without earning any money for the ne’er-do-wells behind it. Users are then presented with a dialog, asking them to grant permission for a third party application to access their Facebook account, and post messages, updates and photos to their wall.

 

Of course, if you’re a fan of “Twilight” you will quite possibly grant permission without thinking. The only problem is that this isn’t a legitimate application request; it comes from a rogue app which wants to make money out of your devotion to Stephenie Meyer’s series of novels.

Predictably, with the ability to now post to your Facebook account, the scammers now present the final piece of the jigsaw: an online survey which earns them affiliate commission for each person who completes the questionnaire. You will note that the survey deliberately presents itself in a convincing Facebook style, which may trick some users into believing that it is legitimate. It seems that fans of Twilight are only too easy pickings for Facebook scammers, judging by the large number of reports from affected Facebook users we are seeing today.

Angelina Jolie, Nicole Kidman, Natalie Portman Secret Scams…

Want to see naked pictures of your favorite Hollywood actresses? It could cost you an expensive trip to your local computer repair shop if you do.

Fake emails claiming to offer nude photographs of Angelina Jolie, Nicole Kidman, Natalie Portman, Milla Jovovich and pixelated videogame babe Lara Croft were behind 80 per cent of computer viruses last month, according to experts. For, though claiming to contain shocking pictures of female celebrities, the emails, once opened, install a malicious rootkit.

“These emails are masked as pornographic content, tempting the unwary into opening a file on their Windows computer which will install a rootkit and download further malicious code from the internet,” said Graham Cluley, senior technology consultant for Sophos.

 

 

“This kind of social engineering trick is nothing new – in fact it has been used so often by cybercriminals that it from time to time feels like it’s been around since the days of the silent movies.” However, that hasn’t stopped it from being an effective way to fool many people into running code designed to allow hackers to break into computers. IT security and control firm Sophos is urging computer users to think before opening unsolicited email attachments following the widespread spam campaign.

The emails typically have an attached file called amazing.zip or shocking.zip.

Mr. Cluley said: “The best way to defend yourself is to practice safe computing. That means not only running an up-to-date anti-virus, security patches and firewall – but also exercising caution over what programs you decide to run on your computer. You should always think twice before opening a file that unexpectedly arrives in your email inbox.”

 

 

“Rootkits are software frequently used by third parties – usually a hacker – to hide other software and processes using advanced stealth techniques. Malicious code, such as spyware and keyloggers, can be invisibly cloaked from detection by conventional security products or the operating system, making them hard to detect. Hackers use rootkit technology to maintain access to a compromised computer without the user’s knowledge, so it’s important to be properly defended from these sorts of threats.”

 

 

If you receive an e-mail (even from a friend) with an attachment promising video of starlets like Angelina Jolie or Natalie Portman wearing nothing but their pride, do yourself a favor and don’t open it: It’s a virus. Amazingly, 80 percent of reported computer infections last month came from this single source. The e-mails contain a message along the lines of, “Shocking video of nude Angelina Jolie,” and carry a single attachment named either amazing.zip or shocking.zip. The attachment purports to contain the titillating peep show, but what it actually includes is a piece of malicious software called a rootkit.

 

A rootkit is basically computer code that installs itself in a protected area on your machine’s hard drive. Once there, it’s very difficult to detect and remove. Frighteningly, it can do just about anything it wants, including monitoring anything you type on your keyboard, rifling through your files for confidential information, participating in attacks against other computers and, of course, e-mailing itself to all of your contacts.

Sending your friends a virus is no way to win their admiration, but sending them a virus that proves you’re the sort of person who would open an attachment like shocking.zip, well, that could do some serious long-term harm to your social status.

 

If you suspect your computer is infected with a virus, or you’d like to know how to spot the threats currently spreading themselves over the Internet, anti-virus software maker McAfee is a great resource. Granted, this is a company trying to sell you a product, but its site offers free information on current viruses and free tools for removing some of the more sinister ones.

Miley Cyrus Sex Tape Hoax Spreading On Facebook

In the newest installment of “Watch your most beloved/hated pop star do malicious things by clicking on this Facebook link!” a supposed Miley Cyrus sex tape is circulating on Facebook, but the entire thing is (surprise!) a scam. Let us know if you’ve seen this on your News Feed.

First, it was a supposed sex tape involving Lindsay Lohan which got people RSVP-ing to events that would link them to the video; of course, in reality the whole thing was about making you complete forms online, and the video didn’t exist. Then, it was Justin Bieber’s turn, and the promise to see the teen pop star during a “happy” moment actually spread spam and malware to your Facebook friends.

Now, it appears that a new scam is spreading on Facebook, though we still have to see it appear in our News Feeds. According to Sophos, a status update that goes, “omg Miley Cyrus sex tape [plus link]” is taking over some legitimate Facebook user accounts. It is unclear how the users’ accounts are being compromised at the moment, although the website that the link takes you to is clearly malicious. Do not click on it!

Have you seen this on your page/news feed?

Britney Spears has her Twitter account hacked Once More

Just over two months ago I explained on Twitter why I was following Britney Spears. In a nutshell, I follow Britney on Twitter not because I’m interested in her music or her complex private life, but because it’s the best way of getting a heads-up on when her account next gets hacked.

Ironically enough, I wasn’t on Twitter today as I was down in London speaking at the “Information Security in the Public Sector” meeting about social networking threats.

So, where’s the irony? Well, while I was chatting about some of Britney’s past plights on Twitter her account was being hacked – again!

On this occasion the bad guys replaced her wallpaper and profile picture with emblems signifying she was part of some conspiratorial masonic secret world government (as far as I know, this isn’t true about Britney, although I have from time to time supposed she might be a shape-shifting lizard):

Some messages were also posted to her legions of followers (over 3.7 million at the last count):

I expect that the new world order will arrive as soon as possible! -Britney

And

I give myself to Lucifer every day for it to arrive as quickly as possible. Glory to Satan!

 

I guess we should be thankful that these hacks appear to have been mindless vandalism rather than motivated by more malicious intentions. Imagine, for example, if the hacker had posted a message saying “Free tickets to a secret concert” which had taken some of Britney Spears’s millions of ardent fans to a malicious website? It’s not clear at this stage how Britney’s Twitter account was compromised – but probably the most likely bet is that a simple easy-to-crack password was being used or that one of Britney’s team fell for a phishing attack.

The Twitter account of Britney Spears does appear to have now been brought back to order, and an apology was posted to her followers:

However the attack happened, it’s an opportune reminder to all of us (whether responsible for Twitter accounts with a small or huge following) to take greater care with our online security.

Video scam of Osama Shoot down spreads on Facebook

Facebook users are being tempted to click on links to what purports to be a video of Osama bin Laden being shot, in the latest in a series of scams exploiting the hot news story of the Al Qaeda leader’s death.

 

The messages appear as follows:

 

Watch the Osama Shoot down video

Osama Dead – Censored Video Leaked

on.fb.me


Osama is dead, watch this exclusive CNN video which was suppressed by Obama Administration due to level of violence, a must watch. Leaked by Wikileaks.

Clicking on the link, though, will not immediately show you some amazing recording of US Navy SEALs attacking Osama bin Laden’s compound in Pakistan.

Instead, you’re told you will have to take an online survey.

That ought to be sufficient to set your alarm bells ringing – as survey scams are a continuing problem on Facebook, earning scammers payment with every survey they trick users into completing.

What’s most interesting about this scam is that they trick you into cutting-and-pasting a line of JavaScript into your web browser’s address bar.

Not that you’ll realise that you’re doing that, of course. As far as you know, all you’re doing is following a sequence of instructions and keyboard presses before you watch the video. But any time you paste a script into your browser’s address bar, you’re effectively running code written by the scammers without the safety net of protection.

Before you know it, you’ll be sharing the news of the “Osama Shoot down video” with all of your Facebook friends, and the scam will be spreading virally.

My guess is that you don’t want to make it so easy for the scammers to run their scripts on your browser – so don’t fall for scams like this.
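The address-bar paste described above can be caught before it runs. The following is an added example, not code from the original article or from any browser: it normalises pasted text the way URL parsers do (the WHATWG URL Standard strips leading and trailing control characters and spaces and removes embedded tabs and newlines), detects a `javascript:` scheme, and strips it as one possible mitigation. The function names and sample strings are assumptions made for the example.

```javascript
// Added example: detect and neutralise script URLs pasted into an address bar.
// Function names and sample inputs are constructed for illustration.

// URL parsers ignore leading/trailing C0 control characters and spaces, and
// drop ASCII tab and newline anywhere in the input, so a scheme split across
// lines or padded with whitespace still parses as "javascript:".
function normalizeAddressInput(text) {
  return text
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '');
}

// Return the lower-cased URL scheme of the input, or null if it has none.
function schemeOf(text) {
  const m = /^([a-zA-Z][a-zA-Z0-9+.\-]*):/.exec(normalizeAddressInput(text));
  return m ? m[1].toLowerCase() : null;
}

// True when pasting this text and pressing Enter would run script in the page.
function isScriptPaste(text) {
  return schemeOf(text) === 'javascript';
}

// Mitigation: strip the scheme (repeatedly, in case it is doubled up) so the
// remainder is treated as plain text instead of being executed.
function sanitizePaste(text) {
  let t = normalizeAddressInput(text);
  while (schemeOf(t) === 'javascript') {
    t = normalizeAddressInput(t.slice(t.indexOf(':') + 1));
  }
  return t;
}

// Constructed samples: harmless payloads, realistic obfuscation of the scheme.
const samples = [
  'javascript:void(0)',
  ' \tJaVa\nScRiPt:void(0)',
  'javascript:javascript:void(0)',
  'https://example.com/video',
  'how to javascript: tutorial',
];

for (const s of samples) {
  console.log(JSON.stringify(s), isScriptPaste(s), JSON.stringify(sanitizePaste(s)));
}
```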

 

Be very careful not to be fooled by scams related to Osama bin Laden’s death, not just on Face book but on other parts of the internet too. Such a big news story always seems to attract the interest of fraudsters and malware authors.

If you want to keep up-to-date on the latest scams, and are a member of Facebook, don’t forget to join the Sophos Facebook page to keep informed about the most recent security news.

Banned Lady Gaga video attack spreads on Twitter through rogue app

Watch out for tweets about a banned Lady Gaga video, currently spreading across the Twitter network.

The tweets are being posted by rogue applications that users are allowing to access their profiles in the belief that they will get to view a prohibited video of Lady Gaga.

 

VIDEO PROHIBIDO LADY GAGA banned [LINK] @shakira @lady gaga como ganar dinero facil

(Please note that the precise wording can vary)

If you make the mistake of clicking on the link you are taken to a fake YouTube webpage.

 

Of course, you believe that you’re going to watch a banned video of Lady Gaga so you might very well click on the play button. Doing so, however, asks you to grant permission to a third party app which wants to connect with your Twitter account. Don’t, whatever you do, give it permission to continue. Because if you do, your account can now be accessed by third parties – who will be able to post messages in your name to all of your followers.

Hopefully the fact that the messages we have seen so far have all been in Spanish may reduce the impact of this particular attack. Interestingly, it seems that Lady Gaga herself has been having trouble with these Twitter hackers. The eccentric songstress, who has more followers on Twitter than anyone else in the world, posted a message yesterday saying:

Whoever is hacking my Twitter must answer to 10 million monsters and Twitter police. #Don’tMakeMeCallTheApostles

 

Although the singer quickly deleted the rogue tweets that had upset her so much from her page, I was able to discover them cached elsewhere on the net:

 

TAROT de shakira [LINK] clarividente de @shakira #horoscopo ganar dinero navegando

And

VIDEO PROHIBIDO LADY GAGA @lady gaga [LINK] ganar dinero navegando

The bit.ly links used in the messages posted to Lady Gaga’s Twitter page linked to the same fake YouTube page, and were created by the same person who appears to be behind the rogue application attack.

Is it possible that Lady Gaga, or the staff who manage her Twitter account, fell for the scam themselves? And that’s why the rogue message appeared on Lady Gaga’s Twitter page?

Lady Gaga has over 9.6 million followers on Twitter, making her the most popular person on the network (yes, beating even Justin Bieber..) and a prime target for any scammer who wants their scammy, spammy links to be spread to as wide an audience as possible.

 

If you were unfortunate enough to grant a rogue application access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights. Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

Facebook comment-jacking? OMG! I can’t believe JUSTIN Bieber did THIS to a girl

It’s starting to look like Facebook can’t win against those who wish to use their service to scam, spam and just cause trouble. Over the last day or so, a new kind of attack has been spreading using the phrase “OMG! I can’t believe JUSTIN Bieber did THIS to a girl”.


 

It leads to a page asking you to confirm a simple math problem to “prevent bots from slowing down the site”. In actuality, it is another clickjack-type scheme in which you are asked to type the answer into a box. It doesn’t matter what you type, because it’s a social engineering trick. What you are actually typing is a comment that is used to share the link with your friends on Facebook. You can see the tooltip that says “Add a Comment” in the screenshot.

 

This bypasses Facebook’s recent attempt at detecting likejacking fraud. Links you comment on are not using the same mechanisms that Facebook is monitoring when you click “Like”. Many moons ago, the first Facebook attacks started with illegitimate applications asking for permission to access your wall and spread their messages by spamming your friends through wall posts. While this worked well, it was a bit easy for Facebook to track down and remove the bogus apps.

 

Early in 2010 we saw the first attempts at likejacking. This technique involves layering one image over the top of a Like button and tricking the victim into clicking something that appears to play a video or a continue button, when in fact they are clicking the Like button hidden underneath. More recently we have seen the attackers trying lots of new techniques. In the past few months we have seen them tagging people in photos they are not in to get you to click, inviting people to fake events and even making you an administrator of a Facebook page that isn’t yours.
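The layering trick behind likejacking can be reasoned about without a browser. The following is an added example, not code from the original article and not how NoScript or Facebook detect the attack: a simplified heuristic that flags a click when the element receiving it is a frame other than the element the user actually sees. The descriptor fields (`kind`, `rect`, `opacity`, `z`, `pointerEvents`), the 0.1 visibility threshold and the sample pages are assumptions constructed for the example.

```javascript
// Added example: flag clicks that land on a frame the user cannot see.
// Element descriptors and sample pages are constructed for illustration.
const VISIBLE = 0.1; // assumed opacity below which an element is effectively hidden

function contains(r, x, y) {
  return x >= r.x && x < r.x + r.w && y >= r.y && y < r.y + r.h;
}

// Elements under the point, topmost (highest z) first.
function stackAt(elements, x, y) {
  return elements.filter(e => contains(e.rect, x, y)).sort((a, b) => b.z - a.z);
}

function assessClick(elements, x, y) {
  const stack = stackAt(elements, x, y);
  // The click is delivered to the topmost element that accepts pointer events.
  const receiver = stack.find(e => e.pointerEvents !== 'none') || null;
  // The user perceives the topmost element that is actually painted.
  const seen = stack.find(e => e.opacity >= VISIBLE) || null;
  const suspicious = receiver !== null && receiver !== seen && receiver.kind === 'frame';
  return { receiver: receiver ? receiver.id : null, seen: seen ? seen.id : null, suspicious };
}

const box = (x, y, w, h) => ({ x, y, w, h });

// Variant 1: invisible Like frame floated above a visible "Play Now" button.
const hiddenFrameOnTop = [
  { id: 'play-now', kind: 'button', rect: box(100, 100, 200, 60), opacity: 1, z: 1, pointerEvents: 'auto' },
  { id: 'like-frame', kind: 'frame', rect: box(150, 110, 80, 30), opacity: 0, z: 10, pointerEvents: 'auto' },
];

// Variant 2 (the one the article describes): an image painted over the Like
// frame, with the click falling through to the frame underneath.
const imageOverFrame = [
  { id: 'like-frame', kind: 'frame', rect: box(150, 110, 80, 30), opacity: 1, z: 1, pointerEvents: 'auto' },
  { id: 'fake-player', kind: 'image', rect: box(100, 100, 200, 60), opacity: 1, z: 10, pointerEvents: 'none' },
];

// Benign: a Like frame the user can see, with nothing covering it.
const honestPage = [
  { id: 'article', kind: 'text', rect: box(0, 0, 600, 400), opacity: 1, z: 0, pointerEvents: 'auto' },
  { id: 'like-frame', kind: 'frame', rect: box(150, 110, 80, 30), opacity: 1, z: 1, pointerEvents: 'auto' },
];

console.log(assessClick(hiddenFrameOnTop, 160, 120));
console.log(assessClick(imageOverFrame, 160, 120));
console.log(assessClick(honestPage, 160, 120));
```

In both attack variants the receiver is `like-frame` while the user sees something else; on the honest page the two agree and nothing is flagged.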

 

While protecting yourself may not be as simple as not clicking anything that says “OMG!” that isn’t a bad start. Be skeptical, understand that messages from your friends may not in fact have been sent to you willingly, and if you are really tempted to click, take a short timeout to conduct a Google/Bing search.

As of the time of this writing some of the YouTube videos this scam leads to have been removed by YouTube. However, one video that is still working has over 525,000,000 views since February and thousands of comments in the last 24 hours, in other words, since this Facebook scam has been making the rounds.

Osama Bin Laden death video scam spreads virally on Facebook

A link which claims to point to a video of the death of Osama Bin Laden has been spreading virally across Facebook today, just hours after the death of the Al Qaeda leader. The messages, posted as updates on Facebook users’ walls, claim to point to banned video footage of Osama Bin Laden’s death:

 

SHOCKING NEW video of OSAMA BIN LADENS DEATH!!

Exclusive BANNED VDEIO footage of Osama Bin Laden being killed!!!



 

(In the screenshots used throughout this article we have hidden the image as some may find it disturbing).

Clicking on the link takes you to a Facebook page which urges you to like and share the link with your Facebook friends, before you can watch the “shocking” footage:

However, sharing the link with others just helps spread it further across the social network, and instead of a shocking video you are presented with an all-too-familiar survey which you are told you must complete before you can go any further. The scammers earn money every time a survey is completed, and that’s why they want you to share the link with others.

 

 

Sophos is advising computer users to watch out for scams related to Osama Bin Laden’s death, not just on Facebook but on other parts of the internet too. Such a big news story always seems to attract the interest of fraudsters and malware authors.

Miley Cyrus drugs scam hits Facebook

Facebook users have been bombarded with yet another spam survey scam, this time using the lure of a video allegedly depicting actress Miley Cyrus taking drugs. In a blog post, Sophos senior technology consultant Graham Cluley warned that the survey scams typically arrive from a user’s friend’s account with a message such as: “OMG Miley Cyrus is caught smoking a BONG on video [LINK]”.

Clicking on the link will take a user through to another page promising the footage, and clicking through again will enable a rogue Facebook application to run on the user’s computer.

“If you do agree to grant the permission, you’ll be taken to an online survey (part of the CPALead network) which earns cash for the scammers through affiliate revenue,” Cluley explained.

“While you’re completing the survey, and earning the scammers some money, their rogue application has posted the link onto your wall, sharing it with your friends and thus perpetuating the scam even more.”

He warned that scams of this type could also be used to steal personal information. “If you’ve been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and web sites,” wrote Cluley.

 

Social engineering-led attacks such as this are likely to grow in popularity in 2011, according to several security vendors.

Trend Micro warned in its predictions for the coming year that the practice will become increasingly popular via email, as it is a more measurable way of sending out malware than infiltrating web sites as part of a drive-by-download attack.