Application security, Incident Response, Malware, TDR, Threat Management, Vulnerability Management

Facebook cuts off accounts spreading rogue anti-virus

Facebook has cut off scores of fake member profiles attempting to push rogue anti-virus programs to unwitting users.

Roger Thompson, chief research officer of security firm AVG, said in a blog post Thursday that he and his team have witnessed some 200 real-looking profiles on Facebook containing purporting to belong to a blonde woman. Each profile looks the same except that it contains different names for the woman.

He told SCMagazineUS.com on Friday that the purveyors of the scam likely are getting victims to visit the bogus profiles through socially engineered emails.

Included on the Facebook profile is a link to view a home video, Thompson said. Clicking on the link takes victims to another site that pretends to scan their computer for malware, inevitably turning up infections. Then, the site asks victims to enter their credit card and other personal information so they can install an anti-virus product, which turns out to be fake.

"It looks like an AV program, except it's making up stories of what's actually on your computer," Thompson said. "It doesn't offer an uninstall option and it generally burrows deep, like a rootkit. It's generally very difficult to remove."

Simon Axten, a Facebook spokesman, told SCMagazineUS.com Friday that the social networking site has disabled the offending accounts. He also discounted initial speculation by Thompson that the attackers likely broke Facebook's CAPTCHA controls to create automated profiles. Instead, Axten said engineers determined the attack was done manually.

"We think this validates the CAPTCHAs we use, as well as the various other automated security systems we've implemented, which severely limited the scope of this attack and enabled us to get all evidence of it off the site before people were harmed," he said in an email.

The incident occurred on the same day that the Internet Crime Complaint Center, a joint operation between the FBI and the National White Collar Crime Center, warned of ongoing social networking hijacks. Some of the tactics being used by the fraudsters include delivering spam from compromised user accounts and trying to dupe users into installing malicious applications.

According to a biannual report from Breach Security, a web application security maker, 19 percent of online attacks in 2009 have targeted social networking sites.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.