Fake News Headline “U.S. Attacks Iran and Saudia Arabia” Leads to Malware on Facebook

If you see a post on Facebook claiming that the United States has attacked Iran and Saudi Arabia, don’t click on it.
Facebook spam: 'U.S. Attacks Iran and Saudi Arabia'

U.S. Attacks Iran and Saudia Arabia. F#ck :-( [http://randomdomain.co.uk/cnn/] The Begin of World War 3?

Cybercriminals are hoping that users won’t be able to resist the headline, follow the link to a spoofed CNN site – all of which appear to be on UK domains – and fall for the old “you need to download a Flash update” routine.

Spoofed CNN page claiming U.S. Attacks Iran Saudi ArabiaOf course, it’s never a good idea to download any kind of software update from an unknown party.

Instead of downloading a Flash update, you will get malware that researchers over at Sophos security have identified as Troj/Rootkit-KK, which drops a rootkit called Troj/Rootkit-JV onto your PC.

Adobe Flash Player Update NeededWhile Sophos doesn’t have a solid idea on just how the malicious messages are being spread, they suspect that malware residing on user machines is the culprit.

In addition to users taking the precautionary route of doing a full system scan using whatever antivirus software they use, I suggest checking for rogue browser plug-ins that may have inadvertently been installed at some point and reviewing the list of applications that have access to your Facebook profile.

You can check to see what apps have access to your Facebook profile by clicking the little arrow icon, selecting ‘Account Settings’ and then clicking ‘App’ in the left-hand navigation.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

This entry was posted in Computer Security, internet scam, malware, spam and tagged , , , , .
Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

© 2014 Hyphenet, Inc.
1761 Hotel Circle S, Suite 350, San Diego, CA 92108

All rights reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited.

Hyphenet IT Security Blog located at 1761 Hotel Circle South, Suite 350 , San Diego, CA . Reviewed by 91 customers rated: 3.8 / 5