Warning: Facebook 'News' Videos Auto-Install Trojan

There's a new malware attack on Facebook and it's significant for multiple reasons. This attack in particular spreads through bogus links, and it appears to change form in line with news events.

While there have been several similar scams in the past, they've usually involved tricking users into handing over personal data or outright hijacking accounts.

Malicious Drive-by Downloads Initiated on Click

The new Facebook attacks tricks users into clicking on a link to a supposed online video.

Once the link has been clicked, a Trojan virus is automatically downloaded to the users' computer without consent (this is known as a drive-by download). Once the virus is installed, it publishes links on the user's own Facebook account in order to redistribute the scam to other contacts.

Security researchers are still trying to figure out exactly how the attack works. They originally thought it was related to Facebook's "like" feature, in which users can promote a post or link by giving it a virtual thumbs up, but now suspect the scammers are simply using the "like" icon to make the bogus links more credible.

Bogus Claims Change During Day

Interestingly, the supposed video that the links claim to post to has changed.

Originally, it purported to be a clip involving alleged activity by Dominique Strauss-Kahn, the former head of the International Monetary Fund. At noon (eastern US time) on Thursday, the infected links were replaced by ones claiming to lead to an intimate video with singer Rihanna and Hayden Panettiere. (Source: f-secure.com)

That switch, and the fact that it happened precisely on the hour, suggests the scammers may be trying out different subjects to see which ones fool the most users.

Malware, Payload Location-Dependent

It appears that only users in particular countries such as the US and UK are led to the malware, with those from other countries simply redirected to a safe website, such as YouTube.

That's probably because the hackers believe they stand a greater chance of selling bogus security software at high prices to American and British victims, and that their credit card details will prove more lucrative.

The scam also automatically checks to see if the user is running Windows or a Mac and offers up bogus software appropriate to the system. That appears to be capitalizing on fears that Macs have suddenly become more prone to viruses: in fact, they are becoming a target for so-called "scareware" scams that falsely claim a computer is infected. (Source: theregister.co.uk)