Monday, March 2, 2009

Watch out for fake FaceBook emails

Today, one of our old friends, Mark Coker got three different emails purporting to be about Facebook. He twittered about it here and asked me what it was about.

He actually got three emails, all in short order, with this subject (remember, future attempts will have different subjects) ...

Review - My family invite you out for lunch, don't hesitate!

And if you click the embedded link, you're taken to a fairly convincing looking facebook page...




Notwithstanding the funny looking url that I've circled in red, the rest of the page looks convincing. If you are alert enough to look at the url, then you know you're not at a real FB page, but as I've often said, they don't want to catch everyone.. .they don't want to cut down the apple tree... they just want to shake it and pick up the apples that fall off.

If you click anywhere on the image, you get the "pitch" screen, that looks like this...




and then you get a convincing looking adobe download dialog. Given the number of recent Adobe updates, this will catch a bunch of folk, and they will indeed run the installer. This approach, by the way, works no matter how well you are patched, and probably even works if you are running full-blown UAC in Vista....



If you run it, of course, you no longer own your machine. It belongs to them, because it installs a rootkit....



This one is worse than most, because once it runs, it's subtle... it doesn't pop up messages asking you to install some antispy ... it's just _got_ you.

Remember, as the economy worsens around the world, the Bad Guys are more motivated than ever to get into your pc.

Keep safe folks,

Roger

No comments: