Facebook Combats Phishing Attack
In the latest Facebook phishing scam, detected Thursday, attackers set out to steal usernames and passwords by directing users to fake login pages. The attackers used compromised accounts to send an embedded link to the contacts on each victim's Facebook friends list, along with messages that said "check 151.im," "121.im" or "123.im." Recipients opened the messages believing they came from a Facebook friend.
Clicking the link took users to a fraudulent Facebook login page that prompted them to re-enter their credentials. The page was a spoof built to harvest logins, which the attackers then used to send spam soliciting fake pharmaceuticals and other merchandise.
"This seems to be an out-and-out, brute-force type of attack. Compromised accounts are being used to post links on people's walls," said Michael Argast, security analyst for Sophos. "It spreads and it spreads."
"It seems to be affecting a wide enough base. It's probably safe to say it's in the millions of users," Argast said. "It's hard to know exactly."
Facebook has so far declined to disclose the total number of affected users, according to Reuters.
"We're aware of the attack and are already blocking links to these new phishing sites from being shared on Facebook," a company spokesperson said. "We're also cleaning up phony messages and Wall posts and resetting the passwords of affected users. We think this is related to the fbaction.net/fbstarter.com campaign of a couple weeks ago."
To combat the problem, Facebook said that it has blocked the compromised accounts and has deleted references to the fake domains, Reuters reported.
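The defensive measure the spokesperson describes, blocking links to known phishing domains at the point where a message or Wall post is shared, comes down to extracting every link-like token from the text and matching its host against a block list. The following is an added example, not Facebook's code or anything from the original article; the block list is built from the domains the article names, the sample messages are constructed for illustration, and the matching treats a subdomain of a blocked domain (www.151.im) as blocked while leaving unrelated hosts that merely contain the string (151.im.example.com, x151.im) alone.

```python
import re
from urllib.parse import urlsplit

# Block list built from the domains named in the article. In a real deployment
# this would be a fast-changing feed, not a constant.
PHISHING_DOMAINS = frozenset({
    "151.im", "121.im", "123.im",       # the "check 151.im" campaign
    "fbaction.net", "fbstarter.com",    # the earlier campaign Facebook tied it to
})

# Two shapes of link appear in these messages: full URLs with a scheme, and bare
# host names such as "151.im" or "www.123.im/photo" pasted without "http://".
_LINK_RE = re.compile(
    r"(?:https?://[^\s<>\"']+)"
    r"|(?:(?<![\w.-])(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s<>\"']*)?)",
    re.IGNORECASE,
)


def extract_hosts(text):
    """Return the lowercased host name of every link-like token in text."""
    hosts = []
    for token in _LINK_RE.findall(text):
        if "://" not in token:
            token = "http://" + token      # let urlsplit parse bare hosts too
        host = urlsplit(token).hostname    # hostname is already lowercased
        if host:
            hosts.append(host.rstrip("."))
    return hosts


def host_is_blocked(host, blocklist):
    """True if host is a blocked domain or any subdomain of one.

    Walks the label suffixes: for 'www.151.im' it checks 'www.151.im' then
    '151.im'. '151.im.example.com' yields 'im.example.com' and 'example.com',
    never '151.im', so a blocked string embedded as a prefix does not match.
    """
    labels = host.split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


def find_blocked_links(text, blocklist=PHISHING_DOMAINS):
    """Sorted, de-duplicated list of blocked hosts found in a message."""
    return sorted({h for h in extract_hosts(text) if host_is_blocked(h, blocklist)})


def should_block_message(text, blocklist=PHISHING_DOMAINS):
    return bool(find_blocked_links(text, blocklist))


# Constructed sample messages in the style the article describes.
SAMPLE_MESSAGES = [
    "check 151.im",
    "lol look at this http://121.im/login",
    "see you at the game tonight",
    "funny stuff: www.123.im/photo",
    "my blog is at 123.im.mysite.org",   # unrelated host, must not be blocked
]


def triage(messages, blocklist=PHISHING_DOMAINS):
    """Return (index, blocked_hosts) for each message that should be held."""
    result = []
    for i, msg in enumerate(messages):
        hits = find_blocked_links(msg, blocklist)
        if hits:
            result.append((i, hits))
    return result


if __name__ == "__main__":
    for i, hits in triage(SAMPLE_MESSAGES):
        print(f"message {i} blocked: {hits}")
```

Matching on the host rather than on the raw string is the point: a substring check for "151.im" would miss nothing here but would also flag a legitimate site whose name happens to contain that text, and a check for exact equality would miss the www. variant that phishers register trivially.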
Security experts say that the social networking giant has become much more responsive and efficient at containing and eliminating security threats over the last year, but it is still experiencing growing pains that keep it from staying ahead of the barrage of phishing and malware attacks launched by hackers.
"Facebook is doing a lot to manually stomp out the (phishing) links. They're trying to stay ahead of the attacks, but they're pretty prolific," Argast said. "They still have a long ways to go. The hackers are innovative. They're always going to come up with new attacks. It's going to become a constant struggle."
So far, the latest Facebook phishing attack does not appear to distribute malware; however, security experts warn that the stolen credentials could also be used to break into users' other accounts, including bank and PayPal accounts, because people often reuse the same password across sites.
Meanwhile, researchers at Panda Security have detected what they estimate to be the 56th variant of the Koobface worm, which has wreaked havoc on numerous social networking sites, including Tagged, Friendster, MySpace, MyYearBook, Fubar, Hi5 and Bebo, since it was discovered in May 2008.
The Koobface worm was responsible for spreading malicious software to millions of Facebook account holders, which was used to steal information and record keystrokes for identity-theft activities. Security researchers estimate that the multiple Koobface variants have infected about two million of the site's more than 200 million users.
Koobface-related infections have grown 1,200 percent since the worm was detected a year ago, with more than 40 percent of the infections based in the U.S., according to Panda Security.
Security experts say that the success of phishing and malware attacks can be attributed to the fact that users are often more trusting of messages that appear to come from contacts on social networking sites, partly because many sites share personal data only with other account holders listed as "friends."
However, that trust is slowly being eroded as users become more aware of existing security threats that target their accounts, either through the press or word of mouth.
"We're starting to see more savvy users practice good behavior," Argast said. "Today people are more cautious. That's just a natural learning evolution."