click to enlarge

The message goes: PLEASE READ CAREFULLY

This message is for every Girl Who Goes to college or office alone. If u find any child carrying on road showing his/her address n asking u to take him/her to that address,take that child to police station n plz don’t take it to that address . IT IS A NEW WAY GANGS TO STEAL, RAPE, and KIDNAP GIRLS . plz circulate to all .don’t feel shy to copy This as ur status .

OUR ONE MESSAGE MAY SAVE A GIRL

This Facebook wall post has been live in public since Q4 of last year, so before it picks up steam and encourage more sharing within the platform, please do realize, dear Reader, that this is a hoax—all fake, from the image to the story behind this message.

Variations of this hoax have been circulating the Internet for years. Would you believe that the lure tactic—about children being used to lead women to their prey—might have stemed from an urban legend set in World War II decades ago?

Helping people on Facebook by sharing things that you deem important is a good cause; however, spreading hoaxes such as this one can only lead people to needless worrying and panic. That said, I implore you not to share this further, within Facebook and outside it. Before you click “Share”, research.

Also, please do not be alarmed (much less believe) if you see something like this on the Internet:

click to enlarge

Jovi Umawing (Hat tip: Facecrooks.com)

click to enlarge

The 19-page Internet Threats Trend Report mentions malware and spam trends in Q4 of 2011. It also ranks website categories that are most likely to house malware if compromised—Sites tagged as Pornography are at #3. Below are other notable finds in summary:

• India, Vietnam, and Pakistan were the top three countries with the most zombie computers.
• Phishers mostly targeted sites that were related to Games and Gaming.
• In Q4, spammers used fake @gmail.com email addresses to trick users into responding to their spam messages.

The report can be downloaded here.

Jovi Umawing

We’ve seen the tweet above pointing users to the URL, canbin(dot)ru—a domain created just late last month. Once users click it, they are then directed to twvitter(dot)com/user_login-sessions/?timed_out=1. It’s a phishing page.

There are two things we can take note from it: (1) the URL, which clearly tries to play tricks with our eyes (much like this one), and (2) the purported Twitter session that has timed out. Naturally, if one is logged onto Twitter and sees the message, they’ll wonder for a second, and then unknowingly key in their user name and password anyway. Perhaps the only “error” we can see in this attack is that the site attempts to access the actual Twitter site the same way a real third-party app or site would to make everything seem legit. However, Twitter requires tokens from such apps and sites. Since we know that this is a bogus page, it doesn’t have a token; thus, it can’t successfully redirect users to their actual accounts as it was supposed to.

We impore you, Dear Reader, to please exercise caution when clicking links on tweets. Even better: use your better judgment on whether you’d believe a supposedly interesting tweet or not before considering visiting the URL that goes with it. More often than not, scam tweets are designed to sound this way to actually make Internet users click them. Please don’t be fooled.

Just like the “Girl Killed Herself” scam that made rounds within Twitter not so long ago, this, too, will probably go down in history as a classic attack involving two social networking giants. This is not a comforting news. As long as user continue to fall for scams, they will just keep coming.

Jovi Umawing (Thanks to Chris for spotting this)

The worm is also found to have anti-VM capabilities, making it useless to execute and test in a virtual environment, such as Oracle VM VirtualBox and VMWare.

Please keep in mind that securing your information, including your social network credentials, is a must. Never unknowingly click links on messages sent over by online contacts. Make sure that they did send messages to you first before doing something; else, it is best if you simply delete them from your message inbox.

Jovi Umawing

Clicking the link of this supposedly scandalous video leads to this page (Note that the URL is already something outside of the said social networking site, which is ezreality(dot)tk/):

Clicking the play button of the player displays a text on the screen which says:

Restriction: To start the video, please share it again and click the >> play << button

If users click the Share button, they are sent to the legitimate Facebook login page where they can enter their credentials if they’re not logged in. If they are, a browser window opens to show them exactly what will be posted on their Facebookwall.

Sharing this video, as it turns out, is not an option. If users ignore the text displayed on the screen and click the play button the second time, a window pops up to remind them that they have to share the video before it can be played. There’s no way around this one.

Once shared and the the play button is hit, users are led to a video of Rihanna overlaid with a survey:

Survey scams have been plaguing Facebook users for the longest time, and scammers never fail to get someone to click on their links—and a lot of users are falling for these. It’s not that the scammers’ technique is sophisticated enough. It’s how they socially engineer scams to make them too interesting for anyone to pass up. Below are a just few of these scams on this social networking site that we’ve spotted:

• To Know or Not to Know: That is the Facebook Question
• The fake BBC video Facebook scam returns
• Profile Watch pops surveys on Facebook

We encourage users to abide by this general safety rule when browsing Facebook: Refrain from clicking links, especially those that come with a video, from anyone on your stream that has a titillating, if not controversial, hook. More than likely, it’s just bait for something nasty in the end.

Jovi Umawing (Thanks to Chris for the assist)

The link directs to the Facebookpage of ChatSend where one can readily download the app. Upon execution, it shows a GUI containing its Terms of Service and Privacy Policy. The GUI, however, is narrow and the text is not wrapped within the width of the text box, which makes it difficult for users to read as they need to scroll from left to the farthest right.

Note the pre-ticked boxes that will install the toolbar in all browsers, set web search as default and change the homepage.

After installing, a window pops up to inform users that there has been an error in installing the program; however, it installs just fine.

Not only does the program send the message seen in the first screenshot without notification, it also sends the same message via Facebookchat (if enabled) to all, too.

Interestingly, the EULA fails to detail the steps on how to uninstall the application should users change their mind about it when it was clearly stated:

“If you wish to withdraw your consent to any of ChatSend features as described herein, you should uninstall the Software from your computer. Uninstall instructions are detailed above.”

As far as we can see, there are no instructions “detailed above”. The uninstall steps are in their Facebook page (added yesterday) under the FAQ tabwhen clearly it should be included in the EULA. Despite this, uninstalling simply requires a visit to Add / Remove programs, or opening up the browser add on tabs in your browser of choice.

Do keep an eye on this one, Dear Reader, because Facebook blocks any URLs / links related to the ChatSend domain and there’s quite a few posts like thisstarting to appear on help pages.

Jovi Umawing (Thanks to Chris for the assist)

What made this particular scam interesting is that the scammers had used and abused a Facebook token generator to spread it. A token is basically an electronic key that is used to access something one does not readily have access to. In this case, a token is used to gain rights to post on Facebook walls.Once users click the link of the scam post, they are directed to www(dot)southwestisbest(dot)com where an entry box pops up, asking users to “access the offer” by entering a validation code. You can’t go around this one, since there is no option to somehow allow a user to decline to do this action.

“Click Here to Generate Your Validation Code” – and a small browser window, with the URL m(dot)facebook(dot)com/ajax/dtsg(dot)php, shows to display the code.

Hitting the Submit button enables the app to post on the user’s Facebook wall. “But wait!” It doesn’t end there though. Users, clearly unbeknownst to the posting done on their walls, are then redirected to a page asking for their email addresses. After this, they will be asked to complete a survey.

Our experts had already reported this to Facebook and the sites had been taken down shortly after, in turn also terminating the issuance of tokens.

There are other Southwest Airline scams that have been making rounds on Facebook. One such scam was found by our friends at Sophos (Do check out that post, too). So far, however, this is the only one we’ve seen that uses tokens.

As the Christmas season draws near, criminals are taking advantage of consumers wanting to grab the cheapest flights towards their destinations. And they have been for the longest time we can all remember. Be prudent and smart when it comes to gimmicks you see online, never click on links that offer things that sound too good to be true, and never give away any information until you know what these companies are going to do with them.

Jovi Umawing (Thanks to Matthew for spotting this)

This competition is now closed.

Are you a fan of GFI Software on Facebook?

If you are, then you’re great! If you’re not, now’s the perfect time to become a fan and share your news and interact with other GFI Software fans.

Why?

Because we’re giving you the chance to win the brand new just released iPod nano 8GB (6th Generation)!!

What do you have to do to win it?

Absolutely nothing!!

One name from our fans  (both existing and new) will be drawn at random on Monday, September 27 2010.

Spread the word about this great competition and while you’re at it become a fan on Twitter too.

Good luck!

Terms & Conditions

After our successful GFI Backup 2010 – Business Edition Twitter competition last month, we’re launching another competition where you have the chance to win a fantastic NAS (Network Attached Storage) drive every day for a week!

We’ve got 5 NAS drives to give away so we will randomly pick a person every day to win a Netgear Stora 1TB Home Media Server – 2 Bay Network Attached Storage (1 X 1TB drive included).

Winners

Monday – Neil Jordan (Profile ID 1782289157)
Tuesday – Omar Gialluli (Profile ID gialluli)
Wednesday – Chris Wong (Profile ID chriswong13)
Thursday – Gabriele Pallassini (Profile ID gabryp)
Friday – Thomas Korb (Profile ID thomas.korb)

Would you like to win? Participating is simple…

How to Win

1. Become a fan of GFI Software on Facebook and,
2. ‘Like’ the status that shows this blog post promoting the competition on Facebook.

Competition Dates

The competition runs from 17^th May – 21^st May 2010 and we will pick ONE winner per day.

Prevent the hassles of data loss by backing up with GFI BackUp 2010 – Business Edition and participate in our great competition for the chance to win with GFI Software!

Winners will be notified via FB and names will be published on this blog post. Terms and conditions apply.

Terms & Conditions

• GFI Software employees & their families cannot take part in this competition
• GFI cannot guarantee the brand of the prize being shipped out; it is subject to availability
• All entrants must be fans of GFI Software on Facebook until the winners are announced
• People who were already fans of GFI Software on Facebook are eligible to participate
• Only entries that follow the above instructions will be considered valid
• Upon contacting the winner/s, if no reply is received within a week, GFI retains the right to choose another entry
• GFI retains the right to cancel/change this or any promotion without notice
• GFI’s decision is final and no correspondence will be entered into

As with all things in life, there are dangers and then there are dangers. Recently I was faced with some of the worst dangers that these social sites can generate.

The Perils of Social Networking Love

A friend of mine who knows that my line of work involves internet security came to me with a problem she faced. A friend of hers met a guy from a different country on one of these social networks and fell in love with him over time. It might be important to note that it was the guy who initiated the contact. That’s generally great; however, my friend is afraid that he may be trying to play her friend and after hearing the story I think she is quite right to be worried, so much so that I believe it’s even worse than what she was initially suspecting.

The first red flag was raised when this guy said that he really wants to meet her but unfortunately needs a large sum of money in order to get a visa to visit the country. Classic dating scam. Luckily the sum which he said he needed was so large that she couldn’t afford it, because if she did it is quite likely that she would have sent it over without a second thought.  As if that wasn’t enough proof of this person’s malicious intent, another girl contacted my friend’s friend and told her about her bad experience with this person and cautioned her to be careful. However, when confronted with this information, the potentially malicious person said that he used to date the girl who had contacted her but had left her a while ago and now she just wants revenge. The girl believed his story even in light of the earlier scam attempt.

However what really got me worried was what came next. This guy suggested that they should meet in a different country and get married there. The biggest problem here is that, as far as I could tell from my research, the country which he suggested and the home country of this girl has the same exact same visa requirements. Actually the country which he suggested requires extra monetary guaranties that he would need to fulfill, which he wouldn’t need to for a visa in the girl’s country of residence. What’s a lot worse is that the country which he suggested is pretty well known for human trafficking.

And this had a profound effect on me because the first thing that went through my mind is one of the first things that you’re taught in security i.e. never think that it cannot happen to you. I honestly admit that my first thought was that it couldn’t possibly be that bad, I was just being paranoid.  But then my security instinct kicked in and I decided that it’s better to be safe than sorry so I told my friend what I was suspecting – that this guy tried to scam the girl, but because she wasn’t rich enough to satisfy his scam, he might be going to plan B which is to try to sell her instead. I didn’t take this decision lightly; I know my friend came to me to ease her worry primarily and I was about to make it a lot worse but I dreaded the consequences which would be a lot worse, if it turned out that I wasn’t being paranoid after all.

After a lot of effort we managed to convince the girl not to travel to meet him, however she still insists that he is genuine. Yes, she still thinks that she wasn’t being scammed when he asked her for money.

Protecting yourself against social engineering scams

That’s my story so far, so now let’s concentrate on the essence of it. Even if this was all a misunderstanding the risk is real. Social networking is always a great tool for social engineers. Knowledge is power and this is especially true when it comes to social engineering. The more the social engineer knows about his victim, the more likely he is to be successful in his schemes. I am generally against monitoring and restricting but stories like this make me stop and think whether it is the right thing to do after all.

What if this sort of thing were to happen to my children? What if s/he falls in love with a person of malicious intent? We all know how dangerous strong emotions can be, trying to save her/him once s/he is deeply in love will be impossible and the more you try to do to convince her/him of the mistakes s/he might be doing, the more likely it is  to drive him/her away. What’s worse is that even if you manage to expose the scam the emotional impact will certainly be devastating at this stage. On the other hand the only other option would be to switch to a 1984 state of affairs and rigorously monitor any and all communications. Both are obviously wrong.

And this is not just for your household; the same applies to the workplace. Over monitoring your network will have detrimental effects on the employees’ morale, and might even be illegal in some cases. However even if it were legal, would you want to monitor your employees’ communication on social sites? What about private emails? The obvious, safer solution is to disallow these sites however this will have a detrimental effect on morale too.

I guess in both personal and professional scenarios your best bet would be education. Although it will not be 100% effective, some people claim that it’s not effective at all, it will hopefully make people question such events if they are aware of the risks. On the other hand, in cases such as a dating scam, the request for money will happen when it’s too late, as the person will already be too hooked to second guess anything so education is unlikely to work here.

Who’s really lurking behind that profile page?

The dating scam is just one of the scams that are happening via social networking. I have heard on a first hand basis of people being scammed for many things. Malicious people making friends with victims and after a while say that they have to drop out of school because they can’t afford it. In some cases the victims themselves offer to help out financially and are thus scammed of their hard earned cash without  even having to be asked to hand over money. At the end of the day social networking is a haven for con artists. Con artists can befriend their victims very safely. You become friends to a profile in essence and there is no guarantee that the profile has any truth to it whatsoever. If a con artist is patient he can build a good trust relationship and then spring any number of traps – from fake lucrative investment schemes to a great opportunity that cannot be passed by.

Finally I caution you to not make the classic mistake of thinking that this could never happen to you or your loved ones. I urge you to always be on guard. Furthermore it might be a good idea to warn friends and family about the dangers of social networking. When I explained the dating scam/human trafficking risk to my friend her answer was, ‘I didn’t know that this happens on the internet’ which is a common and ultimately understandable stance. People who aren’t in IT wouldn’t automatically think of these issues unless they experience them firsthand and by then it will be too late.

What do you think? I would love this to turn into a debate on the different views regarding social networking. Which method would you choose to protect yourself and others, both at home and professionally? Do you think that the blocking option is the right way to go? Monitoring perhaps? Or do you believe that education is effective enough to be the only safety mechanism in place?