Facebook Slammed By Adware Attack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Mobile & Wireless
News
5/18/2010
10:08 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Facebook Slammed By Adware Attack

A security researcher calls the weekend attack 'stunning in terms of scale.'

Lured by the promise of the "sexiest video ever," hundreds of thousands of Facebook users found their PCs infected by adware over the weekend.

Unsuspecting users clicked on a thumbnail showing a miniskirt-clad woman on an exercise bike, apparently posted on their Facebook page by a friend. Instead of seeing the video, users were told they did not have the correct software installed and were directed to download the necessary application. Then, instead of accessing video software, users downloaded popup-spewing adware, according to security software developer Sophos.

The malware uses Hotbar, a toolbar that connects to Internet Explorer and Windows Explorer, and connects users with paid ads and search engines, according to Switched. The toolbar also may gather personal data and download other updates from its server.

"You may want to watch a sexy video, but you're more likely to end up being plagued by pop-up advertising," said Graham Cluley, a senior technology consultant at Sophos, told The Economic Times. "It's no surprise that your friends might click to watch the movie when it looks to all intents and purposes that you are the person who has sent it to them."

In fact, more than 300,000 users reported the problem to AVG Technologies, said Roger Thompson, chief research officer at the developer of free anti-virus software.

"This latest issue really underscores how powerful, while at the same time vulnerable, social networking applications are. This attack was actually stunning in terms of scale,” he said. “Facebook is very responsive to threats when we identify them, and removing these applications as soon as they find them, but they’re still able to generate huge traffic, just because of the viral nature of social networks. It is staggering how many threats were propagated before they were stopped.”

Within 15 hours of the attack, Facebook removed the application, Thompson said. In a "Tip of the Week" on Monday, Facebook cautioned account-holders not to click on suspicious-looking links, even if they'd apparently been sent or posted by a friend.

This is not, of course, the first or last malware attack targeting Facebook users. In March, for example, McAfee warned Facebook users about a password-stealing phishing attack, where scammers sent emails purportedly from the social networking site, telling users their passwords had been reset and users had to click on an attachment to retrieve it. The attachment was, in fact, a password stealer that installed when clicked.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Commentary
Preparing for the Upcoming Quantum Computing Revolution
John Edwards, Technology Journalist & Author,  6/3/2021
News
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll