Facebook Watcher

When Your Facebook Friend Is Not A Human

2009-11-11T06:17:39Z

Koobface variant is resurfaced again. This time this virus is not only back but with added sophisticated and behaves like an usual Facebook user.

According to TrendMicro, it automates the following routines: Firstly register a Facebook account, and confirm an email address in GMail in order to activate the registered Facebook account. Unlike previous Koobface component, this new Koobface component is joining random Facebook groups, adding Facebook friends and even go further to post messages to Facebook friends’ walls.

Additionally, the profile created by this new Koobface component now appear to be a well-designed and yet completed profile page, with photo, birth date, favorite music, and favorite books, are all filled up in the respective column.

In the meantime, Facebook will need to crack down on the malicious links since the message posted on the Wall by this virus are directed to the usual bogus Facebook homepage or YouTube page hosting the Koobface loader component. For users, the best advice is to be cautious when confirming the friend requests, and don’t simply following the links posted on your Wall.

Source: available at http://www.trendmicro.com/vinfo/images/20091110_koobface_fb.gif, accessed November 10, 2009

Say NO to Phishing Campaigns

2009-11-10T05:51:09Z

Phishing campaigns on social networks are not new. The scammers are not satisfied only for pushing spam to sell “Canadian” pills. Now they are using all sorts of phishing campaigns to steal your Facebook password, and constantly change their tactics such as trick the users to download a keylogger so that they can collect your credit card numbers, and etc.

Now the main issue is, how can you tell if your personal information is being phished in Facebook? Here are some useful tips provided by TrendMicro:

- Check the email’s content. Misspellings and grammatical mistakes are very common in spammed messages.

- Do not click embedded links. If you need to update your login credentials, go to the site’s homepage and log in from there.

- Check the URL in the message body. A legitimate Facebook link will not continue beyond .com as in the two bogus email messages.

- Check the time stamps. Facebook has millions of users worldwide so it really is very unlikely that the site’s administrator will send out email messages to all users within the same day.

- Check the sender’s email address. A legitimate Facebook email sender will have a facebook.com and not a facebookmail.com address.

Don’t be misled. Facebook Watcher strongly advise that you follow the aforesaid tips and stay safe when networking with all your friends in Facebook.

Beware of Zeus Trojan

2009-11-08T08:27:43Z

Scammers never give up, although various sorts of phishing scams have been blocked by Facebook. It seemed that the more serious one appears to be the fake email with the malicious “updatetool.exe attachment”, as reported by Webroot, an established security experts on the Web.

This fake email is pretends to be from the Facebook administrators. If the victim chooses to go further, he or she will end up at a spoof Facebook login page which prompts users to reveal his / her Facebook password as well as download the file attachment. The message in the fake email itself claimed that the user’s Facebook profile password was reset. In order to retrieve the password, a user need to download and open the attachment. In fact, the file attachment, i.e. “updatetool.exe” is actually the Zeus trojan, a trojan from the Bredolab family.

If you come across similar email in your inbox, straight away delete the fake email. Never fill in secret information on suspicious sites, other than the Facebook homepage, i.e. https:www.facebook.com and avoid downloading the file attachment shown in below.

Learn to Use Abuse Reporting Features

2009-11-07T17:08:55Z

In an ongoing battle against spam or any abuse, Facebook has included a “Report” feature for the profile, page or group which users are allowed to file an abuse report. When clicked, this particular abuse reporting will immediately be submitted to the Facebook user operation team members and the aforesaid action will be filed for further review.

To-date, Facebook users are not only allowed to report user, page or group, it has updated the site and gave its users to quickly report any offensive photo and video. According to a blog post of Facebook, “We created much more granular reporting categories for you to classify the issues you may come across including bullying or unwanted contact from other people on the site. We also added new fields where you can detail the location of abuse that occurs in videos or text.”

For video, users now can tell Facebook the specific time during the video when the abuse occurs. But in contrast to the note reporting, users can copy and paste the offensive text directly from the source.

In fact, as far as the reason of reporting is concerned, the categories for the reason will vary solely depend on what a user is reporting on. For instance, when reporting an offensive photo, users can select from the following reasons: nudity or pornography, drug use, excessive gore or violence, attacks individual or group, advertisement or spam or infringes on your intellectual property. However, Facebook will not remove a photo or video simply because it’s unflattering.

As Jessica Ghastin wrote in the Facebook blog, “The information you provide helps our international team of professional reviewers prioritize reports and know what they’re looking for when reviewing the content.”

Nevertheless, learn to locate the “report” link (it’s in the bottom of the left-hand sidebar), and use this abuse reporting feature as it can help to protect the site integrity. Hopefully, this can be another key feature in alleviating the spam problem in Facebook.

Facebook Won $711 Million in Anti-Spammer Case

2009-11-07T07:42:00Z

Back in November last year, Facebook has been awarded a whopping $873 million against the spammers that sending the sleazy messages to their users. However, it seemed the battle against the spammers is not over yet as Facebook has been awarded another high-profile $711 million in damages by San Jose, California court against Sanford Wallace, one of the notorious spammers who accessed users’ accounts without their permission as well as sending phony Wall posts and messages.

Of course, with this $711 million, this is the recent example of Facebook winning the second largest judgment against spammers under the 2003 anti-spamming law CAN-SPAM. Besides, for more details about the injunction against three (3) spammers including Sanford Wallace filed on February 24, 2009, you can visit this page, and the PDF is embedded in the below.

Social Networking Security Tips

2009-10-05T04:39:40Z

From a security threat standpoint, Facebook users do not take the appropriate steps to fend off various security challenges can cause their computers vulnerable to all sort of problems. In tandem of the declaration of “National Cybersecurity Awareness Month” by The White House, the Internet Crime Complaint Center (IC3), which is a partnership between the FBI and the National White Collar Crime Center, has highlighted certain tips in order to practice safe online social networking.

On the statement, IC3 provided some tips to mitigate the social networking problems such as adjust Web site privacy settings, be selective of your friends, or disable options and then open them one by one such as texting and photo sharing, capabilities, and etc.

In addition, IC3 said cyber criminals are also using spam to promote phishing sites, claiming a violation of terms of service or some other issues which need to be resolved. Other spam attempts are in the forms of getting users to download an application or view a video.

Meanwhile, there have been nearly 3,200 reports of account hijackings since 2006, according to a FBI press release.

Feel Lonely? Want to Buy New Friends on Facebook?

2009-09-05T06:51:05Z

While a lot of users joining Facebook are for friend connections, there’s always been a focus on the most important activity on Facebook: To build a larger friend base. Of course, building the friend base in Facebook is not only important for ego, it’s also a business strategy, as noted on uSocial, an Australian-based marketing operation which offered the help to grow your business and sales on Facebook.

What uSocial offered for the Facebook users is a new breakthrough way to grow your Facebook friend base. For a package price of $654.30, it will deliver 5000 new targeted Facebook friend requests to your Facebook account, though the fact that there’s no guarantee of how many of them will click “accept.”

For the would-be purchaser on Facebook, uSocial’s Facebook marketing services is starting at $177.30 for 1,000 targeted Facebook friends or fans, and the price will be incrementally up from $99 to $144 for any additional 1,000 of targeted friends. In this instance, a Facebook user might need to spend $654.30 or $1167.30 for 5,000 and 10,000 targeted Facebook friends/fans respectively.

As a Facebook user, why you need to buy Facebook targeted friends? According to uSocial, “every Facebook fan or friend you have is generally worth $1 to you per month, which is a figure anyone using this site correctly can back up. This means that even on a purchase of a 1,000 friend pack, you will not only return your investment in the first month, but earn more than five times what you’ve invested. Try and tell us that’s not a great investment.”

My take is that I’m sure some will take advantage of this opportunity to build a large following in Facebook when money is not a problem. The simple fact is building a large friend base on Facebook is extremely difficult to achieve unless you’re famous and well-known in one particular field.

However, uSocial’s packages are not without controversy. Earlier this year, both popular Web services Twitter and Digg were tried to shut uSocial down, accusing it of selling off Twitter followers, i.e. Tweeters and the Digg votes for the purpose of voting up your Web page to the front page of Digg.

Is Facebook Knows Too Much About You?

2009-08-31T07:28:31Z

Most Facebook users don’t really care about the potential risks of Facebook quizzes that can collect and store the answers they give when they’re taking the quizzes; they also cannot stop these kinds of quizzes from collecting the information in their profiles – and even information from their friends’ profiles.

In order to prove the above risks come not as a total surprise, the ACLU of Northern California has developed a Facebook quiz of its own to illustrate how quizzes that may seem “perfectly harmless” can access to a wide array of your personal information, though in the first place, you’re wondering the Facebook policies has always in place to reassure the protection of user data.

The Facebook app, i.e. a quiz entitled, “What Do Facebook Quizzes Know About You?” delivers its answer by showing you how much do the quizzes you take really learn about you on Facebook.

According to ACLU, more than 8,000 participants have taken this quiz since it was quietly released a few days ago. In addition, the group hopes to prompt Facebook to upgrade its privacy default settings for its users, now amounting more than 250 million.

Chris Conley, a technology fellow with the ACLU, finds a probable reason for developing this Facebook quiz, said “We wanted to use Facebook itself to show how all these quiz creators have access to personal information. It is difficult to know how third-party app developers use the data, which can be collected and sold for marketing and advertising campaigns. Private investigators and political entities are known to create dossiers using technologies that automatically scour the Web. An individual bombarded by spam, for example, may have been targeted because of an affiliation posted on Facebook. There is no way to know.”

However, ACLU acknowledged the irony of its approach: “We know it’s a little weird to warn you about Facebook quizzes by asking you to take a Facebook quiz – but at least you know who we are and that we have a real privacy policy that we’re committed to upholding. Can you say the same for every unknown author of every quiz you or your friends take?”

To know more about the generic quiz results and what are the comments of ACLU toward it, there is an explanation page posted by ACLU.

Facebook Adds New Security Measures for Compromised Accounts

2009-07-24T06:38:49Z

To help users fight back against scammer, phishing and identity theft, one of the most used and accessed sites on the Web Facebook has taken a new security measures with an aim to reduce the amount of compromised accounts with a suspicious activity page.

Jake Brill, a project manager for the site integrity team at Facebook, wrote on the Facebook blog: “We’ve spent the last few months improving the way to guide people through the process of regaining access to their account after it’s been compromised and used to send spam. Currently, we send emails explaining what happened and provide links to remedy the situation. Now we’re moving towards a new model that also involves clear and simple steps taken within Facebook itself. In doing so, we can ensure that the person logging in is the true owner of the account, thereby preventing hackers from using it to send spam in the future.”

“Going forward, we’ll continue to send a notification email to the tiny percentage of people whose Facebook accounts have been compromised. What’s new is that when these people try to access the site, they’ll first see a page explaining what happened.”

Meanwhile, a recent survey by Webroot has revealed the social networkers’ risky behaviors, among them are:

Two-thirds of respondents don’t restrict any details of their personal profile from being visible through a public search engine like Google;

Over half aren’t sure who can see their profile;

About one third include at least three pieces of personally identifiable information;

Over one third use the same password across multiple sites; and
One quarter accept “friend requests” from strangers.

Scam Tactics For The Month

2009-06-30T07:49:43Z

Cybercriminals and phishers are still focusing their efforts on Facebook. Several new scam tactics are listed as below.

1) Koobface Variant Resurfaced again

Recent report from CA suggested that a Koobface variant is still actively sending massive spam messages to millions of users on Facebook. During the attack, the Koobface variant connects to the malicious server UPR15MAY.com to acquire information for its spam messages to be sent to contacts of infected users.

2) Killselfz and Ligromind Malware

Similar to the “.at” and “.be” domains, this time the domains used are of the top-level domain. If you come across Facebook messages with phishing links to Killselfz[dot]com and Ligromind[dot]com, do not click on it or else the scammers will plant the malware to your computer.

3) Today, a new wave of phishing attacks on Facebook users is underway. A popular tech news blog Mashable is reportedly discovering two new top-level domains that can steal your Facebook login details and then spam your Facebook friends. If you get Facebook messages which prompt you to click the phishing links to Junfunrun[dot]com and Bulitre[dot]com, stay away from those messages and delete the messages instantly.