Deja vu: New scams hit Facebook and Twitter

Updated at 4:20 p.m. PDT with Twitter phishing attack, at 4:10 p.m. with Facebook comment and 2:30 p.m. with attack also downloading malware onto computers.

Phishers were having a field day with Facebook and Twitter on Thursday.

A new phishing scam hit Facebook users that, like others in recent weeks, sends them to a Web site which steals their log-in information and also secretly downloads malware onto computers when they visit the malicious Web site in what is known as a "drive-by download."

Meanwhile, Twitter users were getting messages from new followers that were posting links to a fake Twitter site with "tvvitter" in the tiny URL, Graham Cluley of Sophos wrote in his blog. His blog has a video of the phishing attack in action. Twitter representatives did not immediately respond to e-mails seeking comment.

In the Facebook attack, messages circulated with a subject line of "Hello" and a prompt to check out "areps.at" or other URLs ending in ".at".

The URLS, before being blocked, directed the visitor to a fake Facebook page. If you logged in to the site, it would steal your e-mail and password, log you into Facebook, automatically change your password, and send the same message to all your Facebook friends, according to the All Facebook blog.

The malicious Web sites also spread the Koobface worm and install the Trojan.BHO, among other malware, onto unsuspecting computers, according to a CNET News test using Internet Explorer. But the URLs were blocked by Firefox and flagged as a "Web Forgery" as of 9:50 a.m. PDT.

"Whoever is behind the scam has been steadily amassing a large number of e-mail addresses and passwords over the past few weeks," the blog says. "Some days as much as three scams will spread throughout the site (possibly even more). Facebook rapidly shuts down all references to the site but by then the scam has spread to thousands of users."

Facebook spokesman Barry Schnitt said: "The impact of this attack or the previous ones are not widespread and only impacted a tiny fraction of a percent of users. We've been updating our monitoring systems with information gleaned from the previous attacks so that each new attack is detected more quickly."

The site has blocked links to the new phishing sites from being shared on Facebook, added them to the block lists of the major browsers, and is working with partners to have the sites taken down completely, he said. Facebook also is cleaning up phony messages and wall posts and resetting the passwords of affected users.

Other safe computing tips from Facebook:

--Use an up-to-date browser that features an anti-phishing black list. Some examples include Internet Explorer 8 or Firefox 3.0.10.

--Use unique logins and passwords for each of the Web sites you use.

--Check to see that you're logging in from a legitimate Facebook page with the facebook.com domain.

--Be cautious of any message, post, or link you find on Facebook that looks suspicious or requires an additional login.

--It is important that impacted users reset all accounts (not just Facebook) that use the same credentials. We believe the bad guys here are phishing an account and then trying those credentials on webmail providers. So, for example, if a user is compromised on Facebook and has the same login and password for their Gmail, the attacker may be able to intercept the Facebook password reset and compromise the account again in the future. This is one of the reasons why people need unique passwords for their online accounts.

--Become a fan of the Facebook Security Page (www.facebook.com/security) for more updates on new threats as well as helpful information on how to protect yourself online.

Separately, some Facebook users reported difficulty accessing the site on Thursday morning. It was unclear whether the connectivity issues were related to the phishing scam.

[angeloj.rossi]

Thanks for the heads up!

[wratbatblue]

What kind of idiot, in this day and age, looks at something that says "Hello, check out xxxx" AND THEN CLICKS ON IT?

[B-Ri]

Not sure, but maybe when my nigerian money comes in I'll organize a research group to determine the answer to that very question.

[Fatesrider]

Never underestimate the power of human stupidity. And people wonder why social networking sites are dangerous?

[Jlmc727]

So true and the sad thing is Ignorance can be fixed stupidity is forever

[jb_dean]

Thank goodness I'm on a Mac! Those Mac and PC commercials aren't joking when they say that Macs are hack-free. Hackers don't bother with us. I've never had a virus in all the years I've used Mac (since about 1988) except for one; the Melissa virus was set to get everyone. I.Love.My.Mac.

[zyxxy]

It is not a PC hack. It is not a MAC hack. It is a social engineering hack. Phishing is platform agnostic. It hacks the person at the keyboard, not the computer. Rereading your post, maybe you are being sarcastic. If not, please don't hide your ignorance behind your snarky attitude.

[rshelton3000]

jb,

Macs are NOT virus free! That is a scam itself. There are and will be viruses written for Macs, one was just found a few days ago.

[AnthonyNYC]

As others pointed out this isn't a virus per say, but more a scam, that affects facebook users no matter which type of PC they use to log onto. As far as the mac user not getting but one virus since 1988, LOL I use a PC and have NEVER gotten a virus since 1992? when I switched from my Amiga.
But that is because of how I use my PC and I am careful in opening and running attachments, but now that just logging into infected legide eb sites is a threat, it is more dangerous for everyone.