Facebook Attacks - an in-depth analysis

  1. 1. A STUDY OF MALICIOUS ATTACKS ON FACEBOOK Maria Patricia M. Revilla Commtouch, Philippines October 2011 Copyright is held by Virus Bulletin Ltd, but made available on this site for personal use free of charge by permission of Virus Bulletin (http://www.virusbtn.com).
  2. 2. A STUDY OF MALICIOUS ATTACKS ON FACEBOOK REVILLA

     A STUDY OF MALICIOUS ATTACKS ON FACEBOOK
     Maria Patricia M. Revilla
     Commtouch, Philippines
     Email Patriciar@commtouch.com

     ABSTRACT

     Social networking sites have, beyond doubt, made it into today’s popular culture. They have apparently become the primary resource for the masses when it comes to socializing for the sole reason that they generally measure up to what the modern populace claim to demand – something fast, easy and accessible. Facebook is a perfect example.

     Facebook has become undeniably popular. With 600 million users to date, it could be considered to be the most widely used social networking site in the last decade. People patronize Facebook for its simple, but rather functional features, which range from public messaging through wall posts and private messaging, to sharing photos, videos and URL links, to gaming, and even marketing and advertisements. It even makes a good online outlet for thoughts in the form of ‘status updates’ which can be changed as often as one wishes.

     With its popularity and effectiveness, Facebook has also become a hot spot for attackers. Over the years, social engineering has been reported to effectively spread malicious programs which are hard to prevent, especially granted that they are designed to trick human thinking.

     This paper will seek to study the social engineering attacks that have been identified to spread malware through Facebook. By tracking down the distribution methods/mechanisms for spreading malware, and the current preventive and defensive measures, this paper aims to give an insight into the challenges that are being faced in terms of protecting users.

     INTRODUCTION

     Facebook has become enormously popular, reaching over 600 million users to date [1]. Users have increasingly integrated social networks into their lives, spending a reported 700 billion minutes per month on Facebook [2]. Every 20 minutes approximately 24,857,000 actions are performed which may be broken down into:

         10,208,000  comments made
          2,716,000  photos uploaded
          2,716,000  messages sent
          1,972,000  friend requests accepted
          1,851,000  status updates
          1,587,000  wall posts
          1,484,000  event invites
          1,323,000  tagged photos
          1,000,000  links shared

     Table 1: Facebook activity statistics onlineschools.org [3].

     The popularity, number of subscribers, and level of activity have made Facebook an attractive tool for attackers who use social engineering in order to spread malicious content or earn money unethically. Over the years, social engineering has been enormously effective as it succeeds in convincing users to unknowingly act in the interests of cybercriminals. Spam and email scams have been used to deceive users, for example, offering seemingly legitimate employment, while putting victims to work as money mules who unwittingly help launder stolen funds. It has also been used as a tool to start and force the spread of worms by including attachments disguised as normal documents.

     The use of fake file icons such as those used for Windows folders, Word documents, text files, media files and others is a subtle form of social engineering, letting users think that a malicious application is just a normal document. Instant messages on Yahoo! or MSN use convincing phrases promising must-see pictures or videos to trick users into clicking malicious links that may point to phishing sites or rogue software. Rogue software or fake anti-virus products are themselves a form of social engineering. By scaring users with ‘detected’ malware, they convince them to pay for products that they believe will actually help them remove the ‘infection’. Sophisticated social engineering attacks use emotion and human desires to trick users. Protecting users from themselves is a tough job and it is something that a computer cannot really do.

     In 2008, the Koobface worm spread through social networks, including Facebook (where its name came from). It may be considered to be one of the most successful worms as new variants are still being encountered – over 20,000 variants [4] by April 2011. Aside from the Koobface worm, there have been other forms of attacks – clickjacking, phishing, spams, scam messages, links to rogue applications, and others that help cybercriminals earn money. It is certainly alarming to see how these forms of attack have increased.

     Based on the number of active users and activities performed by Facebook users, it is clear that Facebook has become an effective social networking site with people benefiting from its integrated functionality such as photos and messaging. At the same time, attackers have successfully taken advantage of this functionality to turn Facebook into a channel for spreading malicious content. Even a small percentage of compromised users would equal a large attack base given the number of active users on the site.

     Security companies have developed tools and have improved scanners to detect and prevent intrusion of malicious programs. Solutions range from single file detection to generic and heuristic detections, and even cloud-based technologies. As these protection technologies have improved, attacks have grown more sophisticated in an attempt to evade new and existing security measures. Attackers usually take advantage of commonly used software and/or popular sites combining social engineering with exploits of vulnerabilities in programs like Adobe Reader or Internet Explorer. Our observation is that attackers have achieved the most success in bypassing security measures by employing sophisticated social engineering methods.

     This paper will focus on analysing social engineering attacks on Facebook and will try to present the preventive measures the industry has provided to users, defensive measures/tools that are available for users, and the challenges faced in preventing users from becoming victims.

     VIRUS BULLETIN CONFERENCE OCTOBER 2011
  3. 3. THE PROBLEM – FACEBOOK SOCIAL ENGINEERING ATTACKS

     A trusting user in a social network environment wouldn’t suspect that a friend (deliberately added to a friend list) would send any harmful content. This trust turns a very popular and widely used social networking site like Facebook into a huge opportunity for attackers. Users are drawn to action by ‘friends’ – following a message, links, or an invite – without suspecting that this will undermine security.

     Worms: Koobface and Palevo

     The Koobface worm has been around since 2008 [5]. It was first encountered through Facebook messages that enticed a user to view a video from a link that looked as though it came from YouTube. Alluring messages like, ‘You must see it!!!...’, were the first step of its social engineering tactic. Users who clicked on the link were prompted to download newer versions of Adobe Flash Player – the second part of the social engineering attack. The downloaded file ‘codecsetup.exe’ was actually not an Adobe Flash Player, but a malicious executable. Once the executable is installed, the infected machine turned into a bot used for spreading more messages with malicious links and for other malicious purposes.

     Later, when users became aware of a worm that spread using a fake YouTube-like video, a new variant was encountered which used a Blogspot link sent through messages of friends [6]. The message had the same video-related theme, but the changed destination to a Blogspot link reduced the suspicion. The Blogspot pages included JavaScript redirects to pages again requiring the installation of a so-called video playing component (as with the initial version). As before, the ‘video playing component’ was in fact a malicious executable. In this case, the infected machine opened new Blogspot accounts and distributed the malicious links to friends. Figures 1 and 2 show some examples.

     Figure 1: Blogspot post example (1).
     Figure 2: Blogspot post example (2).

     Palevo is another worm that has been known to spread through social network chat messages or instant messages including Facebook [7]. This worm has exploited Facebook chat and Facebook application functionality. It tried to spread by sending chat messages to friends and disguised itself as a photo album application. Following the link to the fake application, the user was prompted to download the file ‘FacebookPhotos#####.exe’, which is the malicious executable. Newer variants used different filenames such as ‘Facebook-pic[number].exe’ (e.g. Facebook-pic000751357.exe) [8].

     Clickjacking

     Another type of social engineering attack is clickjacking. This method tricks a user into allowing a malicious script or a code to execute without his knowledge by enticing the user to click on seemingly normal objects on a web page, such as buttons, links, or images. On the Facebook platform, attackers were able to find ways to exploit some of its functionalities such as the ‘Like’, ‘Publish’, and ‘Comments’ buttons when writing comments on photos, videos or links.

     A worm that spread on Facebook through a clickjack attack was successfully executed using an invisible IFrame. It basically exploited the ‘Publish’ button that posts a link to the user’s wall. The link points to a page that contains an invisible IFrame shown in the code in Figure 3 (from jsunpack.jeek.org). The user is unaware that a click anywhere on the page is actually a click on the ‘Publish’ button. This results in a post on the victim’s wall, which will then be seen by the victim’s friends, probably causing them to click as well, and in this way continuing the spread of the malware. This worm was first reported by F-Secure in May 2010 [9].

     Following this attack, a lot of other clickjack attacks followed by exploiting the famous ‘Like’ button, also known as a ‘likejacking’ attack. When a user ‘likes’ a certain page, video, photo or a website on Facebook, it enables the user to share this content with friends. It’s almost the same as suggesting it to friends as the liked page appears on the user’s newsfeed causing friends to see it and probably to click it themselves. This attack works especially well when the link has a descriptive text specially crafted to attract users, such as messages promising a ‘video of Justin Bieber’, or ‘pics of Miley Cyrus’, or any current newsworthy event [10]. An example of the actual code used for this attack is shown in Figure 4 (from pastebin.com). The code basically uses the same method as an invisible IFrame which follows the user’s mouse. Any click on the page will be a click on the ‘Like’ button, without the user’s knowledge.

     Another attack exploited the ‘Comment’ functionality. Once a user ‘comments’ on a photo, a video or a link on Facebook, it will appear on the user’s wall or newsfeed, causing friends to see it and, as before, probably attracting them to see and click on it as well. Here again, the messages included text with famous names such as Justin Bieber. Clicking on the link led to a page with a question and text entry box for the answer. The text box was actually a Facebook comment box which would result in the posting of a comment on the victim’s wall, or a message on the victim’s newsfeed, causing it to be shared and seen by the user’s friends. This attack was reported by Sophos in April 2011 [11].

     Scam and spam messages on Facebook

     Facebook has also become the target of scammers and spammers. Unethical and illegal advertisers have predictably
  4. 4. Figure 3: Clickjack sample using IFrame tag (1).
     Figure 4: Clickjack sample using IFrame tag (2).

     taken advantage of the large number of Facebook users. One method of scam and spam has spread on Facebook through a manual cross-site scripting (XSS) attack (also called a self-XSS attack). The concept of an XSS attack is not new, but the interesting thing here is the social engineering used that convinces the user to manually enter the malicious script in the browser address bar. The topics were varied [12, 13]:

     • Promises of 500 free Facebook credits (something that does not exist)
     • An application to see who had been viewing a user profile
     • Video of Osama Bin Laden’s assassination.

     These all led to pages with instructions such as these:

         Just follow these 3 steps:
         1. Copy this code (highlight and press CTRL-C):
            javascript:(a=(b=document).createElement('script')).src='//[omitted]/f.js',b.body.appendChild(a);void(0)
         2. Delete the actual address from the url field in your browser and paste the code instead.
         3. Press Enter and wait for a bit, it can take up to a minute to complete.
         That’s it!
         If you are having trouble with these instructions, try viewing the instructions here: http://[omitted].info/?sg2lq it’s where I learned it

     Attackers even provided step by step image guides showing how to perform the self-XSS attack, as shown in Figures 5 and 6.

     Figure 5: Self-XSS instruction to users (1).
     Figure 6: Self-XSS instruction to users (2).

     It is quite remarkable that there are users who fall for scams which require them to manually copy and paste code into their browser’s address bar. Once the code has been pasted as per the instructions, the user is redirected to a ‘survey page’. This is an affiliate link where rogue affiliates earn money for bringing users to partner sites. At the end of the survey page, a user ends up viewing ads that are not really related to the subject of the link that they originally clicked. Most of these focus on methods to earn easy money, earn points/credits, view gossip or the latest news and events, and others.

     Having hijacked the user’s Facebook session, the script also sends the scam messages through almost all means of reaching out to a victim’s friends including: chat, wall posts, status updates, event invitations and private messages. It also makes use of shortened URLs in order to avoid immediate suspicion from users.

     Figure 7 shows an example of a fake event invitation. Notice that the subject is ‘Official App: See Who has Viewed your Profile? Find out here! [bad shortened link]’. Many users will notice that this doesn’t really sound like an ‘event’, but the idea is to catch the user’s attention and draw them into following the link.

     An example of spam code shown in Figure 8 illustrates how the messages continue to spread widely. The code uses an obfuscation technique to hide the routine using encoded function calls stored in an array of variables – in this sample,
  5. 5. var _0xb65. Looking at the rest of the code gives us a clue as to its real purpose since it uses the XMLHttpRequest API, which is used for sending HTTP or HTTPS requests directly to a web server.

     Decoding the variable _0xb65 reveals what the routine is all about (Figure 9). Basically, once the script is executed, messages will be sent to the victim’s friend with texts based on the variables settings in the code as shown in the additional code below. Aside from posting a message the script will also make a comment on the posted message and will also ‘like’ the post it created (Figure 10). Figure 11 shows how the resulting post, comment and message will look.

     Figure 7: Fake Facebook event invitation.
     Figure 8: JavaScript spam code (1).
     Figure 9: JavaScript spam code (2).
     Figure 10: JavaScript spam code (3).
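The decoding step described above can be done statically, without ever running the script. The following is an added example, not the code from Figures 8 to 10 and not part of the paper: a small Node.js decoder that extracts a hex-escaped _0x… string array, decodes it, and substitutes the values back into the lookups. The SAMPLE input is constructed for illustration, and the function names are this example's own.

```javascript
// Added example: static decoding of a hex-escaped string array (no eval, no execution).
// SAMPLE is constructed for illustration; it is not the script shown in Figure 8.
const SAMPLE = String.raw`var _0xb65=["\x6F\x70\x65\x6E","\x50\x4F\x53\x54","\x2F\x65\x78\x61\x6D\x70\x6C\x65\x2F\x65\x6E\x64\x70\x6F\x69\x6E\x74","\x73\x65\x6E\x64","\x6D\x73\x67\x3D\x68\x65\x6C\x6C\x6F"];
var req=new XMLHttpRequest();
req[_0xb65[0]](_0xb65[1],_0xb65[2],true);
req[_0xb65[3]](_0xb65[4]);`;

// One quoted JavaScript string literal, single or double quoted.
const STR = String.raw`"(?:[^"\\]|\\[\s\S])*"|'(?:[^'\\]|\\[\s\S])*'`;
// A declaration of the form: var _0xNNNN = [ "...", "..." ] holding only string literals.
const DECL = new RegExp(
  String.raw`\b(?:var|let|const)\s+(_0x[0-9a-fA-F]+)\s*=\s*\[\s*((?:${STR})(?:\s*,\s*(?:${STR}))*)\s*\]`,
  "g"
);
const SIMPLE = { n: "\n", r: "\r", t: "\t", b: "\b", f: "\f", v: "\v", 0: "\0" };

// Decode the escape sequences inside the body of one string literal.
function decodeJsEscapes(body) {
  return body.replace(
    /\\(?:x([0-9A-Fa-f]{2})|u\{([0-9A-Fa-f]+)\}|u([0-9A-Fa-f]{4})|([\s\S]))/g,
    (match, hex, point, unit, ch) => {
      if (hex) return String.fromCharCode(parseInt(hex, 16));
      if (point) return String.fromCodePoint(parseInt(point, 16));
      if (unit) return String.fromCharCode(parseInt(unit, 16));
      return ch in SIMPLE ? SIMPLE[ch] : ch; // \n, \t ... or an escaped quote/backslash
    }
  );
}

// Map each _0x… array name to its decoded elements.
function extractStringArrays(source) {
  const arrays = new Map();
  for (const decl of source.matchAll(DECL)) {
    const items = [...decl[2].matchAll(new RegExp(STR, "g"))].map((lit) =>
      decodeJsEscapes(lit[0].slice(1, -1)) // strip the surrounding quotes
    );
    arrays.set(decl[1], items);
  }
  return arrays;
}

// Replace name[index] lookups with the decoded literal, then turn obj["name"] into obj.name.
function inlineLookups(source, arrays) {
  let out = source;
  for (const [name, items] of arrays) {
    const ref = new RegExp(name + String.raw`\[\s*(\d+|0x[0-9a-fA-F]+)\s*\]`, "g");
    out = out.replace(ref, (match, idx) => {
      const i = Number(idx);
      return i < items.length ? JSON.stringify(items[i]) : match; // leave unknown indexes alone
    });
  }
  return out.replace(/(?<=[\w$)\]])\[\s*"([A-Za-z_$][\w$]*)"\s*\]/g, ".$1");
}

// Analyst-facing summary: decoded strings, readable source, and whether XHR is referenced.
function triage(source) {
  const arrays = extractStringArrays(source);
  return {
    arrays,
    readable: inlineLookups(source, arrays),
    usesXHR: /\bXMLHttpRequest\b/.test(source),
  };
}
```

Printing triage(SAMPLE).readable shows the request method, path and body in clear text, which is the information the paper reads off the decoded array.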
  6. 6. Figure 11: Resulting post made by the spam code.

     Money-mule and credit card scams

     Money-mule scams have also made their way into Facebook. As with other platforms, scammers attract people with promises of easy money. Money-mule recruitment usually starts with Facebook groups (which can be started by any Facebook user). These groups often attract large followings because people do not know what they are getting into [14].

     Other frauds have also appeared, such as credit card scams. These start with messages designed to attract users by proposing ‘money-making jobs’, or books about ‘how to earn big money’, ‘how to win the Lotto’, or ‘guides on how to be attractive’. The example in Figures 12 and 13 shows the first part of such an attack using an ‘easy money making’ Facebook group. Some of the posts on the group’s wall are products being sold, relating to books for winning the Lotto or attracting women (Figures 14 and 15).

     Figure 12: Scam group page sample (1).
     Figure 13: Scam group page sample (2).
     Figure 14: Scam post sample (1).
     Figure 15: Scam post sample (2).

     Following the links leads to the sites shown in Figures 16 and 17, enticing users by promising results as well as a discount when they buy the product.

     Figure 16: Scam post advertisement sample (1).
     Figure 17: Scam post advertisement sample (2).

     Once a user accepts the offer, the payment is made via a credit card transaction as shown in Figures 18 and 19.

     Figure 18: Payment scam sample (1).
     Figure 19: Payment scam sample (2).
  7. 7. The site ‘complaintsboard.com’ shows that the site seems to be a fraud or a scam (Figure 20).

     Figure 20: Complaintsboard complaint comments.

     Fake email notifications – more scam, spam and malware attachments

     Spammers promoting pharmaceutical products have also used Facebook as an opportunity. Fake Facebook email notifications trick users into clicking links leading to online pharmacy sites [15]. An example of a fake email notification is shown in Figure 21.

     Figure 21: Fake Facebook email notification leading to online pharmacy site.

     Following the link leads to the pharmaceutical store page shown in Figure 22.

     Figure 22: Pharmaceutical store page.

     Lottery scams have also been very common, using fake email notifications describing surprise lottery wins such as the ‘Facebook Africa Jackpot Promo’ shown in Figure 23 [16].

     Figure 23: Facebook lottery email scam.
     Figure 24: Fake Facebook email password notification (1).
     Figure 25: Fake Facebook email password notification (2).
     Figure 26: Fake Facebook email password notification (3).
  8. 8. The email has all the signs of an advance fee fraud scam, promising a huge sum of money, requesting detailed personal information, and requiring secrecy.

     Malware writers have also taken advantage of fake Facebook email notifications. Emails include subjects relating to: ‘Facebook Abuse Department’, ‘Facebook Security’, and others (Figure 24). In the examples shown in Figures 25 and 26, variants of the malware detected as Oficla (aka Bredolab) are sent as attachments with the email describing a password reset due to spam. Subjects include, ‘Spam from your account’. The attachment names include: ‘Attached_SecurityCode.exe’, ‘Facebook_DOCUMENT.EXE’ and ‘Facebook_PASSWORD.EXE’. These are all malware executables that use misleading file icons in addition to their misleading file names. The use of trusted icons is a common social engineering tactic to trick a user into executing the malware file. Below are examples of the Oficla executables with misleading filenames and icons:

     Figure 27: Oficla attachment file (1).
     Figure 28: Oficla attachment file (2).

     Phishing

     Genuine Facebook user accounts are very valuable for cybercriminals since they provide them with access to a trusting network of friends. Facebook users have therefore become a natural target for phishers. Many fake pages have been launched (fed from fake email notifications) in order to steal users’ login information. Cybercriminals can then use these stolen accounts for many of the malicious purposes described in this paper. Attackers have become skilled at mimicking the actual Facebook login page, as in the example shown in Figure 29 [17].

     Figure 29: Facebook phishing page sample.

     According to PhishTank.com statistics [18], Facebook has consistently been in the 10 top sites targeted by phishing. From September 2009 until March 2011, 11,211 counts of phishing attempts were recorded (Figure 30).

     Figure 30: Facebook phishing sites statistics.

     Fake applications

     Many Facebook users enjoy Facebook applications and games that exist within the social network such as FarmVille and CityVille, and attackers have also taken advantage of this functionality. The problem with applications on Facebook is that they have the ability to access some or all of the user’s profile information. Rogue applications can therefore post messages on a friend’s wall, send messages, and even extract information from user profiles to be used for any malicious purpose. Attackers usually use catchy subjects such as: ‘who viewed your profile’. A further issue is that the verification process for application writers is relatively simple.

     PREVENTIVE MEASURES

     Prevention is always better than cure. The trusted network nature of Facebook has made some cybercrime much easier. On the other hand, Facebook has improved its security measures and settings to protect its users. These measures have included partnerships with security organizations to help improve the site’s security tools. Although these systems are not perfect, they are worth noting as they do contribute to user security.

     Spam, scam and clickjack prevention systems

     Facebook has implemented security checks in order to protect users from phishing attacks. In the example below it was able to detect an attempt to log in from a page outside Facebook. When a user tries to visit a page that does not belong to Facebook, but requires a login to Facebook, the warning message below appears:

     Figure 31: Security notice from a login attempt outside Facebook.
  9. 9. In the example in Figure 32, the mechanisms were also able to detect a suspicious phishing site that used a shortened URL. An example of a warning message is shown.

     Figure 32: Facebook suspicious link warning.

     In some cases, Facebook security tools are able to check and prevent spammers and scammers from creating fake user accounts. Examples of some of these security checks are shown below:

     Figure 33: Account security check (1).
     Figure 34: Account security check (2).
     Figure 35: Account security check (3).

     CAPTCHA verifications are designed to prevent automation of account creation by non-humans. When this CAPTCHA verification pops up, a user can optionally verify an account in order to avoid CAPTCHA verifications in the future. This verification requires a phone number. These checks are helpful, but they open the issue of user privacy and sharing of sensitive information. Security check messages may also pop up in some cases of clicking the ‘Like’ button of certain group pages.

     Facebook has automated the detection of suspicious ‘like’ behaviour, which can prevent a clickjacking attack. This is good on some level, however, in cases where the behavioural pattern of a clickjacking attack changes, then chances are that new attacks might slip through [19].

     Facebook has also automated detection and blocking of suspicious content including giving warnings why certain content has been blocked. Using information from user reports and common patterns of spam and scam behaviour they have been able to prevent users from opening and accessing malicious content [20]. However, spam writers continually try to evade spam detection systems. For instance, one script included the following code:

     Figure 36: JavaScript spam code.

     A common indicator of a spammer account is of course the large number of messages sent. In the code above, the variable nfriends is actually the number of friends the spam and scam messages will be sent to. Although it seems strange that messages are sent to only 15 of the victim’s friends (as opposed to all the victim’s friends), this is one way of trying to avoid detection based on the volume of sent messages. In addition, in order to avoid detection based on message content, the encoding of some characters of the words inside the message body has been altered.

     Facebook apps

     As described above, malicious apps have access to the user’s profile information and can take control of some actions such as posting on walls. As of this writing, an app creator must first verify an account by supplying a phone number or credit card number. The image below shows the verification pop-up window:

     Figure 37: Facebook verification on application creation.

     This is helpful to a degree. After supplying the information, an application can be created for the Facebook platform. The problem here is that, after the account has been verified, the developer can instantly publish any application without going through some approval from the Facebook team. Therefore, any malware writer can write an application on the platform and publish it without going through any security check.

     Facebook security settings

     Facebook has enabled secure browsing by implementing HTTPS on its platform. This adds protection and prevents hackers from being able to steal identity information while it is in transit – especially when a user logs in from a public place such as a coffee shop or library. However, this security option is not enabled by default.
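The spam script discussed earlier on this page, which caps itself at 15 recipients (nfriends) and alters character encoding in the message body, defeats per-account volume counts and exact text matching. The following is an added example, not code from the paper or from Facebook's systems: it fingerprints message text after normalisation and groups identical fingerprints across senders. It assumes the alteration takes the form of Unicode look-alikes, fullwidth forms or zero-width characters (the paper does not say which); the sample events, names and thresholds are constructed.

```javascript
// Added example: campaign detection that relies on neither per-account volume nor exact text.
// All events, account names, URLs and thresholds below are constructed assumptions.

// Assumed alteration style: Cyrillic letters that render like Latin ones.
const LOOKALIKES = {
  "\u0430": "a", "\u0435": "e", "\u043E": "o", "\u0440": "p",
  "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",
};

// Reduce a message to a canonical form so altered copies compare equal.
function fingerprint(text) {
  return text
    .normalize("NFKC")                                   // fullwidth and compatibility forms
    .replace(/[\u00AD\u200B-\u200D\u2060\uFEFF]/g, "")   // soft hyphen and zero-width characters
    .toLowerCase()
    .replace(/[\u0400-\u04FF]/g, (ch) => LOOKALIKES[ch] || ch)
    .replace(/https?:\/\/\S+/g, "<url>")                 // shortened links differ per message
    .replace(/[^\p{L}\p{N}<>]+/gu, " ")                  // collapse punctuation and whitespace
    .trim();
}

// Compare a per-sender volume rule with cross-sender grouping by fingerprint.
function detectCampaigns(events, { perSenderLimit = 20, minSenders = 3 } = {}) {
  const bySender = new Map(); // sender -> number of messages sent
  const byPrint = new Map();  // fingerprint -> set of distinct senders
  for (const e of events) {
    bySender.set(e.sender, (bySender.get(e.sender) || 0) + 1);
    const fp = fingerprint(e.text);
    if (!byPrint.has(fp)) byPrint.set(fp, new Set());
    byPrint.get(fp).add(e.sender);
  }
  const volumeFlagged = [...bySender]
    .filter(([, count]) => count > perSenderLimit)
    .map(([sender]) => sender);
  const campaigns = [...byPrint]
    .filter(([, senders]) => senders.size >= minSenders)
    .map(([fp, senders]) => ({ fingerprint: fp, senders: [...senders].sort() }));
  return { volumeFlagged, campaigns };
}

// Constructed sample: three accounts each send 15 altered copies of one lure.
function burst(sender, count, text) {
  return Array.from({ length: count }, (_, i) => ({ sender, to: `friend${i}`, text }));
}
const SAMPLE_EVENTS = [
  ...burst("alice", 15, "See who viewed your profile! http://short.example/a1"),
  ...burst("bob", 15, "S\u0435\u0435 wh\u043E vi\u0435wed y\u043Eur pr\u043Efile! http://short.example/b2"),
  ...burst("carol", 15, "\uFF33\uFF45\uFF45 who view\u200Bed your profile! http://short.example/c3"),
  ...burst("dave", 3, "Lunch tomorrow?"),
];
```

On SAMPLE_EVENTS the volume rule flags nobody, because every sender stays under the limit, while the fingerprint grouping reports one campaign spanning three accounts.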
  10. 10. Figure 38: Facebook HTTPS browsing setting.

     Another security tool is the Facebook activity monitor that enables remote logout. A user can see the latest activities in his account by checking the Account Settings which include an indication that the account is active through a different location or device. The screen below shows a single account signed in on different computers. The user may end any active login from a different computer or location that he is not aware of. This is helpful in tracking if someone else is using an account.

     Figure 39: Facebook activity monitor.

     Facebook security and safety page

     Educating users about Internet safety is another important preventive measure – particularly since most of the attacks rely on social engineering. The Facebook security page provides:

     • Information such as how to protect a user account, and how to take action when an account has been compromised and used for sending scams or spam.
     • Information about the threats that a user may encounter on Facebook and helpful tips to avoid scams, spams, hacks and malware that may be spreading on the platform.
     • A way of reporting a possible security vulnerability allowing Facebook to work on improving security measures.
     • A safety page that explains Facebook as a community in which everyone has a shared responsibility of keeping it as a safe environment. This gives an insight for parents, teens and teachers who are using Facebook and helps them understand the environment as well.

     Security blogs

     There continue to be numerous blog posts written about Facebook threats. Commtouch’s security blog and those of other anti-virus companies can enlighten customers about new threats that are found on the social network. Many of these blogs are very illustrative and informative, allowing users to easily understand, and be aware of the types of threats they might encounter on Facebook. These also provide tips on strengthening security and account settings.

     DEFENSIVE MEASURES

     Facebook generally blocks known malicious content or pages that are reported to it. Facebook reporting tools include links such as ‘Mark as Spam’ and ‘Report/Block this Person’.

     Another defence available to end-users is a locally installed security product, such as URL and spam filtering software, and an anti-virus product. Anti-virus firms have also responded to the new threats by ensuring detection of new variants of Facebook worms, Oficla, and the increasing number of malicious scripts used for spamming. At the same time, security groups have created their own Facebook pages for users to view the latest threats including advice about how to remain secure and protected. Several companies have also released software specifically for Facebook.

     CONCLUSION

     As it has gained in popularity Facebook has also been increasingly used for malicious purposes, and its name, functionalities and features have been vastly exploited. The security industry is continually working to keep pace with new cybercriminal tricks on Facebook. In addition, Facebook has taken several steps to protect its users while working with security groups in order to improve its defence systems and the security tools on the platform.

     As shown by the many examples above, attackers employ numerous social engineering tactics to help spread malware, scams and spam. Indeed, the key security problem with Facebook lies in the trusted nature of friend connections which are so easy to exploit with social engineering. Education of users is therefore a key part of enhancing Facebook security.

     ACKNOWLEDGEMENTS

     I would like to express my sincere gratitude to Commtouch VirusLab and to the hands of the people that God used to make the completion of this paper possible: Robert Sandilands, Rommel Ramos, Avi Turiel, Rebecca Herson, Catherine Lor and Jinky Suarez. And whatsoever ye do, do it heartily, as to the Lord, and not unto men; – Colossians 3:23.

     REFERENCES

     [1] http://www.socialbakers.com/Facebook-statistics/?interval=last-week#chart-intervals.
     [2] http://www.Facebook.com/press/info.php?statistics.
     [3] http://www.onlineschools.org/blog/Facebook-obsession/.
     [4] http://blog.Facebook.com/blog.php?post=68886667130.
     [5] http://www.kaspersky.com/news?id=207575670.
     [6] Commtouch Trend Report 2010 Q4. http://www.commtouch.com/download/1934.
  11. 11. [7] http://blog.commtouch.com/cafe/malware/malware-spread-via-Facebook-chat/.
     [8] http://nakedsecurity.sophos.com/2011/01/09/Facebook-photo-album-chat-messages-spreading-koobface-worm/.
     [9] http://www.f-secure.com/weblog/archives/00001955.html.
     [10] http://athansj.blogspot.com/2011/03/Facebook-likejacking-attack.html.
     [11] http://nakedsecurity.sophos.com/2011/04/30/Facebook-comment-jacking-omg-i-cant-believe-justin-bieber-did-this-to-a-girl/.
     [12] http://blog.commtouch.com/cafe/malware/500-free-credits-from-Facebook-%E2%80%93-malware/#disqus_thread.
     [13] http://blog.commtouch.com/cafe/malware/%E2%80%9Cosama-bin-laden-dead-%E2%80%93-actual-video%E2%80%9D-new-Facebook-malware/.
     [14] http://www.thenewnewinternet.com/2010/06/01/Facebook-used-to-find-money-mules/.
     [15] http://blog.commtouch.com/cafe/spam-favorites/spammers-vote-Facebook-%E2%80%93-%E2%80%9Capplication-of-the-year%E2%80%9D/.
     [16] http://blog.commtouch.com/cafe/anti-scam/harry-potters-magic-money-foundation-and-more/.
     [17] http://blog.commtouch.com/cafe/phishing/avoiding-Facebook-phishing/.
     [18] http://www.phishtank.com/stats.php.
     [19] http://nakedsecurity.sophos.com/2011/03/30/Facebook-adds-speed-bump-to-slow-down-likejackers/.
     [20] http://blog.Facebook.com/blog.php?post=403200567130 (spam prevention systems).
     [21] http://www.securelist.com/en/blog/208187962/Facebook_money_mule_or_credit_card.
     [22] http://en.wikipedia.org/wiki/Clickjacking.
     [23] http://www.personalizemedia.com/the-count/.
     [24] http://www.Facebook.com/security.
     [25] http://www.Facebook.com/blog.php?post=486790652130.
     [26] http://blog.Facebook.com/blog.php?post=436800707130.
     [27] http://blog.Facebook.com/blog.php?post=389991097130.