More Facebook users hit by second weekend of video attacks, Sophos reports

May 24, 2010 Sophos Press Release

IT security and data protection firm Sophos is warning Facebook users to be on their guard, after hackers launched an attack this weekend designed to infect computers with adware. Hundreds of thousands of Facebook users are thought to have been hit by the attack, which posted a fake video entitled "distracting beach babes" to profiles.

The malicious posts, which were made to appear as if they were coming from users' friends on Facebook, read:

<name>, this is hilarious! lol :P :P :P

Distracting Beach Babes [HQ] Length: 5:32

Accompanying the messages was a movie thumbnail of a woman in a bikini.

However, Sophos experts warn that clicking on the movie's thumbnail doesn't play a video, but takes victims to a rogue Facebook application that informs users that they do not have the right player software installed, and tries to trick them into installing revenue-generating adware.

The rogue Facebook application then posts the same message to users' Facebook friends, spreading the video link across the social network. Sophos estimates that hundreds of thousands of Facebook users found themselves under attack this weekend, echoing a similar scam that spread on Facebook last weekend involving the sharing of a fake video entitled "sexiest video ever".

"For two Saturdays running we've seen Facebook users hit en masse by rogue applications and adware downloads, disguised as sexy videos," said Graham Cluley, senior technology consultant at Sophos on his blog. "It's time for Facebook to set up an early warning system on their network, through which they can warn their almost 500 million users about breaking threats as they happen. A simple message appearing on all users' screens warning them of the outbreak would have helped in halting the attack."

Sophos notes that Facebook has created a group dedicated to security issues with over 1.8 million fans. However, at the time of writing, no specific warnings have been posted on the group about either the "sexiest video ever" or "distracting beach babes" attacks.

"Unless something is done, it won't be surprising if there is another widespread attack this coming weekend, affecting thousands more users," continued Cluley. "Facebook needs to both try and prevent these attacks from happening, and better co-ordinate its response when an outbreak occurs."

Facebook users hit by the attack are advised not to click on the links or allow the Facebook application to run.

Sophos's Facebook group, which warns of emerging threats on Facebook, can be found at www.facebook.com/pages/Sophos/28552295016

Affected users are advised to scan their computer with up-to-date anti-virus software, change their passwords, review their Facebook application settings, and remove any Facebook applications installed during the attack.