Facebook Malware Scam Takes Hold - hendersonburses

A "worrying number" of Facebook users are sharing a link to a malware-laden fake CNN news Page reporting the U.S. has attacked Islamic Republic of Iran and Saudi Arabia, security firm Sophos said Friday.

If users WHO follow the link and then dawn to play what purports to be video coverage of the lash out, they are prompted to update their Adobe Flash instrumentalist with a soda pop-leading windowpane that looks very more like the real affair. Those who consent the prompt unwittingly install malware on their computers.

Within three hours of the scam's unveiling, more than 60,000 users had followed a link to the spoofed CNN page, reported to Sophos Senior Protection Adviser Chester Wisniewski. Facebook remote that link, but others are still being shared.

"The mischievous guys are rotating through short-change pages stressful to hitch onwards of Facebook," Wisniewski said.

In a statement, Facebook said it was "in the process of cleaning up this spam now, and remediating any mannered users."

Wisniewski said at that place are a number of ways that status updates could appear without users' cognition. Their Facebook accounts could have been hacked, allowing a third party to update their status. It is also possible for scammers to exploit weaknesses in the social networking platform itself or in Web browsers to brand a condition update using JavaScript.

A representative status update shown in a screenshot happening the Sophos blog reads, "U.S. Attacks Iran and Saudia Arabia. F**k 🙁 [LINK] The Begin of World War 3?"

Users who accepted the Flash musician update prompt installed a fake antivirus tool along their computers. That tool would then alert them that their computer is infected with malware that hind end exist eliminated for a fee. Such scams are indefinite of the just about profitable, Wisniewski said, noting the irony that they final far-off more money than the licit security products Sophos and other security companies hawk.

RELATED: Protect Your Network from Facebook Malware

In summation to a healthy dose of agnosticism that the U.S. would attack its ally Kingdom of Saudi Arabia, Facebook users can debar the scam and others like it by updating Flash only from Adobe's own website rather than from pop ups.

Updated 2/3/12 at 5:42 p.m. with response from Facebook