Facebook Virus Turns Your Computer into a Zombie

Discussion in 'other security issues & news' started by Thankful, Dec 5, 2008.

Thread Status:
Not open for further replies.
  1. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
  2. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Fake Flash updates have been around for awhile. A recent notorious one back in August was the CNN video exploit:

    Massive Faux-CNN Spam Blitz Uses Legit Sites to Deliver Fake Flash
    http://www.cio.com/article/441916/Massive_Faux_CNN_Spam_Blitz_Uses_Legit_Sites_to_Deliver_Fake_Flash

    When this type of exploit was seen last year - exploits also included fake Codec prompts - I decided drastic measures were needed, and I advised people to immediately close out the web site/video, no matter how alluring it might be.

    They know that all updates should be from the vendor's web site and *never* to go to one via a URL click either from a web site or from an email. They know how to check their Flash version.

    For social networking sites, the older children can learn to follow these policies. For the younger children, I stress that the parents should keep the computer locked down so that only the parents can install anything. The most bullet-proof methods are those which are Deny by Default. The only two I know are Software Restriction Policies and Anti-Executable. With these methods, there is no prompt to Allow/Deny and no way the child can install anything without the parent's permission. In one case, we customized Anti-Executable's alert message:

    ae-message.gif
    ____________________________________________

    So, if little Mary receives a link to a video from her friend, Sally, gets a prompt to update Flash, decides to click on it, the result is a disappointed Mary because, "Mom, Sally sent me this neat video and it won't play."

    While it is sad that there have been so many victims of these types of exploits, it is evident that it doesn't have to be so.


    ----
    rich
     
Loading...
Thread Status:
Not open for further replies.