This week’s upsurge in attempts to social engineer control of your computer out from under you comes at the expense of the reputations of several social networking sites. Last week, it was fake news stories, with promises of horrific video of bomb blasts close to you; this week, it’s fake Classmates.com and Facebook announcements of ‘highly rated’ videos and pictures of Young Girls Doing Things. The emails all have subjects (like the following) designed to trigger the prurient interests of Internet users:
Subject: Facebook message: Facebook girl Striptease Beautiful dance (Last rated by Cecile Lucero)
Subject: Classmates private: Party Photos (Last rated by Colby Hunt)
(There’s also cross-pollination, as there have been supposed “Classmates messages” advertising that Facebook girl – she must be popular!)
Unfortunately, disappointment lurks at the URL in the body. There, you’ll find a picture and a notice that, yes, your Flash player is out of date and must be updated. The ‘update’ will not allow you to view any pictures or video; instead, it will turn your machine into a zombie, invisibly under the control of one of the botmasters.
As with any of these infection attempts, there are a number of things you can do to protect yourself. First and foremost, surf smart. Don’t install software because a website told you to; if you find that you really need to update your Flash player, go get it from Adobe itself. Keep all your security software up-to-date – that includes anti-virus, firewall, and anti-spam software. Monitor threat evaluation sites like Threat Expert, the US Computer Emergency Readiness Team (US-CERT), and the Internet Storm Center.
And, of course, be suspicious any time someone you’ve never heard of wants to share private photos with you.
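A mail-filter heuristic for the lure described above, as an added example that is not part of the original post: it flags the "(Last rated by …)" subject pattern and any body link that does not sit on the domain of the site named in the subject. The brand-to-domain mapping, the function names and both sample messages (using the reserved `example.test` host) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: brands are the two named in the post; the domain mapping is supplied here.
BRAND_DOMAINS = {"facebook": "facebook.com", "classmates": "classmates.com"}
RATED_BY = re.compile(r"\(Last rated by [^)]+\)", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def body_text(msg):
    """Concatenate every text/* part, undoing base64/quoted-printable."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode("utf-8", "replace"))
    return "\n".join(chunks)

def on_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def score_message(raw):
    """Return the list of reasons a message looks like this campaign."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    reasons = []
    if RATED_BY.search(subject):
        reasons.append("rated-by-lure")
    # A subject may name both sites (the cross-pollinated variant).
    brands = [b for b in BRAND_DOMAINS if b in subject.lower()]
    for url in URL.findall(body_text(msg)):
        host = urlsplit(url).hostname or ""
        for brand in brands:
            if not on_domain(host, BRAND_DOMAINS[brand]):
                reasons.append(f"{brand}-link-offsite:{host}")
    return reasons

# Constructed sample messages (not captured mail).
LURE = ("Subject: Classmates private: Party Photos (Last rated by Colby Hunt)\n"
        "\nSee the photos: http://video.example.test/view\n")
BENIGN = ("Subject: Classmates: your weekly digest\n"
          "\nRead it at https://www.classmates.com/digest\n")

if __name__ == "__main__":
    for sample in (LURE, BENIGN):
        print(score_message(sample))
```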