IT security and data protection firm Sophos is warning Facebook
users to be wary following a video attack on users this weekend
designed to infect computers with adware. Thousands have been hit
by the attack which posted a fake video to profiles claiming to be
the "sexiest video ever".
The malicious posts, which seemingly came from users' friends on
<name>, this is without doubt the sexiest
video ever! :P :P :P
Candid Camera Prank [HQ] Length: 3:17
The messages were accompanied by what appeared to be a movie
thumbnail of a woman on an exercise bicycle wearing a short
However, Sophos experts warn that clicking on the movie's
thumbnail doesn't play a video, but takes victims to a Facebook
application that tells them they don't have the right player
software installed, and tries to trick them into installing
"You may want to watch a sexy video, but you're more likely to
end up being plagued by pop-up advertising," warned Graham
Cluley, senior technology consultant at Sophos. "Not only is
adware being installed on your computer, but the rogue Facebook
application is posting the same message to all of your friends'
accounts. It's no surprise that your friends might click to watch
the movie when it looks to all intents and purposes that you are
the person who has sent it to them."
Facebook users hit by the attack are advised not to click on the
links or allow the Facebook application to run.
"If you fell victim to this attack, scan your computer with
up-to-date anti-virus software, change your passwords, and review
your Facebook application settings and remove whatever application
was installed during this attack," continued Cluley. "70% more
Facebook users are
reporting being attacked by malware via the site in the last
year, and the problem only seems to be getting worse. Social
networking users need to learn not to fall for simple but effective
social engineering tricks like this in future."
More information about the attack can be found on
Graham Cluley's blog.