Now, a browser plug-in scam that targets Facebook users

FROM: http://business-standard.com/india/news/nowbrowser-plug-in-scam-that-targets-facebook-users/460659/

BS Reporter / Mumbai January 4, 2012, 0:08 IST

The 40 million Facebook users in India should brace themselves for more targeted scams in 2012. Researchers at Websense, a web security vendor, claimed spammers are once again attacking Facebook users through rogue browser extension as a mode for circulating malicious code. A message saying that the plug-in is required for enabling video content viewing on the social networking site is received by the user. A click immediately enables the downloading of the malware, which is then transferred to all the people added in the Friends' list of the user. As a result, malware circulation is carried out incessantly at an unbelievable speed.

Most Facebook scams are fueled by eager users who readily accept requests to share a page, post comment, watch videos or complete surveys in the hope of earning free gift cards to popular establishments or access content on the site. Security researcher at Websense Security labs, Elad Sharf, explained that scam pages typically depend on social engineering tricks, such as through enticing videos or free vouchers as users are automatically motivated to install them in their browser plug-in. According to the Websense researchers, at the moment only Chrome and Firefox plug-ins are being used.

Sharf said, "In this new scam you are encouraged to install a browser plug-in. The plug-in is an integral part of how the scam is spread and it has the ability to propagate by posting in your name on friends' pages. If these tempting offers ask users to install plug-ins in order to get vouchers or watch a video, remember it could be a trick to spread scams, spam and malware."

Facebook has been through a series of scams and malware attacks in 2011. In December, more than a dozen private photos of Zuckerberg were leaked to a photo-sharing site under the headline "It's time to fix those security flaws Facebook". The social network later confirmed that the flaw was the result of a recent code push and was live "for a limited period "- affecting not just Zuckerberg's account, but also an undetermined number of others.

Another security service provider, WatchGaurd, predicts that in 2012 Facebook-based attacks will increase and the social networking site will be forced to sit up and take notice. "Facebook will implement new security solutions on its site to avoid losing disgruntled users. This has already begun as Facebook has partnered with Websense for URL scanning," it notes.