Browse archive

Latest news

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

A spotlight on grid insecurity

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Hacking charge stations for electric cars

Twitter messages lead to phishing AND malware

Posted on 20.09.2012

If you have received a private message from another Twitter telling you "lol ur famous now", have followed it to a fake Facebook page requiring you to log into Twitter to see the video in question and have ultimately done what was asked of you, you are in danger of getting your account hijacked and malware installed on your computer, warns GFI's Chris Boyd.

The scheme is rather clever and far-reaching. After having entered their Twitter login credentials - and effectively giving them over to the scammers - the victims are redirected to a website displaying a fake YouTube video set against a fake Facebook background.

In order to view the video, the users are urged to download an update for YouTube player:

As expected, the offered file is no software update, but the Umbra malware loader, which creates hidden files, starts executables in folders, and enslaves the machine into a botnet.

The scammy app page has already been removed by Facebook but, nevertheless, users are advised to download software updates from official sources and not to trust every private message they receive via social networks.