There is a new phishing scam making the hoola hoop at Twitter, Facebook, and other social networking sites.
What is Phishing?
The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social , and bank account numbers, that the legitimate organization already has.
The , however, is bogus and set up only to steal the user’s information. These latest phishing frauds tempt you to click on a link with a message that goes something like, “hey! Check out this funny blog about you…” When you click on the link to the website, it will look like the login page for a legitimate website (say, Twitter, facebook or orkut), and asks you for your username and password. The result is the scammer hijacks your account.
A Facebook or Orkut member (let’s say you) receives a message that appears to come from a friend and tells you how amazing you look in a new video. To see that video, you are told to click on a link, which deviously takes you away to a compromised site that tricks you into updating your Flash software to upoad a FLV file or SWF file. Your attempt at an honest update enables an executable file that installs the Koobface worm, which installs a proxy server that redirects Web searches and enables ad hijacking and click fraud.
What is Koobface Worm?
Koobface spreads when a user accesses his/her MySpace or Facebook account. The worm creates a range of commentaries to friends’ accounts. Net-Worm.Win32.Koobface.b, which targets Facebook users, creates spam messages and sends them to the infected users’ friends via the Facebook site. The messages and comments include texts such as Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments and many others.
Messages and comments on MySpace and Facebook include links to http://youtube.%5Bskip%5D.pl. If the user clicks on this link, she or he is redirected to http://youtube.%5Bskip%5D.ru, a site that ostensibly contains a video clip. If the user tries to watch it, a message appears saying that s/he needs the latest version of Flash Player in order to watch the clip. However, instead of the latest version of Flash Player, a file called codecsetup.exe is downloaded to your machine; this file is also a network worm. The result is that users who have come to the site via Facebook will have the MySpace worm downloaded to their machines, and vice versa.
While the end result of the Twitter and Facebook phishing scams do different things — one hijacks your Twitter account, one downloads malicious software to your computer — the initial hook is similar. They both send you a message from a “friend”, claiming to have seen a photo or video of you. This hook is especially effective because it piques victims’ curiosity (who wouldn’t want to see videos of themselves?) while preying on their trust of social networking “friends”.
To protect yourself from this and other phishing scams please follow the mentioned below URL or click the image:-