12345

2/10/2011

Watch out the Valentine's day's scam.

1. Introduction

Valentine's day is coming.
With malicious file trends these days, various spreading cases through Facebook have been reported on Feb 10, 2011.
This issue can be a big source of social engineering technique to spread malicious file.


2. Spreading path and symptoms of infection

Recently reported malicious application can be spread via Facebook's wall.


As you see the figure above, you can find that the inserted link is a type of converted address.
Since convert address can be hardly known before clicking, general user can be easily induced to malicious web site.

If a Facebook user infected by this malicious Facebook application, it will ask the permission on writing wall.
Allowing the permission will post on your wall and recommend friends to accept this malicious application.


* Posted on wall
Is there a girl/boy you really like? why not show him/her via Facebook! give him/her a Love Poem and a Love Heart straight to his/her wall! Get Started Here: [malicious link]

Upon infected, following application will be run.


Usually, this kind of malicious application for Facebook aims at collecting user information and advertisement.

3. How to prevent

In case of this malicious files spreading through SNS or twitter, it tries to get permission on writing wall and re-distribute for its advertisement.
Because collected information is used for spreading malicious file, being confused and infected on general users is the biggest feature of this application.

To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
5. Execute downloaded file after scan with anti-virus SW.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Anti-Virus/Spyware for detecting such as malicious file stated above and runs responding system against various security threats.

No comments:

Post a Comment