Beware of malware lurking on news websites claiming to containing breaking news stories.
Naked Security has seen a worrying number of Facebook users posting the same status messages today, claiming that the United States has attacked Iran and Saudi Arabia in a move heralding the beginning of World War 3.
Well, that would certainly get your attention, wouldn’t it?
A typical status message looks like the following:
U.S. Attacks Iran and Saudia Arabia. F**k :-( [LINK] The Begin of World War 3?
If you visit the link mentioned in the status update, you are taken to a fake CNN news webpage which claims to contain video footage of conflict.
However, clicking on the video thumbnail prompts the webpage to ask you to install an update to Adobe Flash.
Of course, it’s not a real Flash update, but malware instead. Remember, you should only ever download a Flash update from the genuine Adobe website.
The malware – which Sophos detects as Troj/Rootkit-KK – drops a rootkit called Troj/Rootkit-JV onto your Windows computer. In addition, Sophos detects the behaviour of the malware as HPsus/FakeAV-J.
Within the first three hours of this malware campaign, some 60,000 Facebook users had been duped into visiting the malicious link.
What isn’t entirely clear at this point is how the message is being shared by so many Facebook profiles.
Regular readers may recall how Facebook users were hit by hardcore porn, violence and animal abuse images late last year. Ultimately, Facebook claimed that the messages were being spread via a self-XSS browser vulnerability.
It’s possible that malicious code on users’ computers is sending the message to Facebook without users knowing. To be on the safe side, you should scan your computer with up-to-date anti-virus software and ensure you have the latest security patches in place.
If you use Facebook and want to get an early warning about the latest malware attacks, scams and hoaxes, you should join the Sophos Facebook page where we have a thriving community of over 160,000 people.
