Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Google Reader exploit targets Facebook users

Fortinet : 30 October, 2008  (Technical Article)
Fortinet offers advice to Facebook users on how to avoid becoming victim to the latest exploit which makes use of Google Reader
Fortinet has detected a malicious Facebook worm that is trying to make use of Google Reader (an application for organising and accessing your most visited websites) to gain trust in visitors so that they download a malicious codec onto their machines. How? A malicious video is distributed through the Facebook worm and then attempts to 'socially engineer' trust by redirecting out of Facebook to a Google Reader site.

Fortinet has notified both Facebook and Google, and posted an advisory on its FortiGuard Centre.

Guillaume Lovet, Senior Manager at Fortinet's FortiGuard Global Security Research Team , advises the following 'Top Five Tips' to avoid becoming a victim of this potentially devastating attack:.

1 Beware of messages with a link inside.

2 If you do detect any such messages, ask yourself if the message you're reading is from who it claims to be. It is actually very easy to separate messages that are from people you know, and imitators, as worms cannot imitate people's own style of writing.

3 Be vigilant about video content. A lot of social engineering sleight of hand used by social networking sites rely on teasing the victim into watching a video. Keep in mind that online videos share a very common format (i.e. Flash), so if you can normally see flicks on youtube or dailymotion, you won't ever need any additional plugin or codec. Most importantly: codecs which come in the form of executable setup files are, in this context, Trojans.

4 Don't browse the Web with a system that's not up-to-date with security updates. Often, those malicious end-points carry some web-browser exploits that will actually push the Trojan onto your system without your knowledge, let alone your interaction. This won't happen if your browser is up-to-date. You may prefer alternate browsers for that purpose, hence reducing the exploit surface in your technology.

5 If you have already been fooled by the virus, antivirus protection may very well save you. Note that a combination of antivirus and Web content filtering would create stronger protection, as if the malicious site is blacklisted on the Web filtering part, antivirus may not be needed to make the attack fail. However, it is always good to have both due to the ever increasing sophistication of threats.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo