Wednesday, 23 April 2025
'Facebook porn Trojan' - here's how NOT to get caught

The malware cat is amongst the Facebook pigeons again, in the wake of a posting to the well-known Full Disclosure mailing list.

Self-proclaimed to be a "quirky list" that "provides some comic relief and certain industry gossip", Full Disclosure does pretty much what it says, and more.

Notably, it's a place where you are welcome to publish full descriptions of exploits and working proof-of-concept code that lets others unleash those exploits for themselves, and there is no requirement to give anyone else a heads-up first.

Fortunately, in the case we're looking at here, the original poster didn't give so much away that others could take his information and turn it into a new attack without even bothering to understand what was going on first.

→ Proponents of full disclosure, where "full" really means "full", and where you don't even give vendors a head start, say that it's the only way to avoid politics and favouritism. Opponents note that full disclosure often makes it far too easy for copycat attackers who would otherwise be stymied by their own ignorance or inability.

The story is simple, and sadly so often effective.

You receive a Facebook posting that offers you porn; you click through to the website; you see what looks like the promised content, but...

...guess what?

You need a software update before you can view this particular video.

→ The crooks have various spiels they can trot out at this point, from insisting that you need a Flash upgrade, perhaps even for "security" reasons, to advising that the video uses a new form of compression or encoding and needs a custom codec. That's short for coder/decoder, and refers to a plugin that handles specific file and compression types.

In this latest "Facebook porn Trojan" malware case described by Mohammad Faghani on Full Disclosure, the malware you are seduced into downloading doesn't just infect your computer.

It can download additional components with additional functionality, so you may end up affecting or infecting other people, too.

Faghani says that one side-effect of this particular malware is to post a Facebook message via your account, and then tag 20 of your friends in the post.

[T]he malware gets more visibility [...] as it tags the friends of the victim in the malicious post. In this case, the tag may be seen by friends of the victim's friends as well, which leads to a larger number of potential victims. This will speed up the malware propagation.

Not only does that as good as turn the malware into a self-spreading virus, it also leaves you with even more egg on your face than a plain post would.

Sophos products block this malware as Troj/ExtenBro-A, as well as blocking the web pages to which it connects.

That should be enough to stop you getting infected in the first place.

Or perhaps we should be blunt enough to say, "in the third place."

After all, if you didn't click on the free porn in the first place, and on the bogus video player update in the second place, you wouldn't need an alert in the third place!

What to do?

• A video link that suddenly needs additional software is almost certainly a bait-and-switch scam. You're promised X but that's just so the crooks can foist Y on you. If you can't resist the initial bait, at least avoid the switch!

• Take the time to review your Facebook privacy and security settings. That way, if you do make a blunder on Facebook, you will probably limit the effects on other people (and on your own reputation).

• Be aware before you share. Even when there is no malware involved, it's easy to share things you later regret, especially in scams that offer you content that you can only see after you've Liked it.

• Consider running network gateway protection at home. Defence-in-depth says to have another layer of protection to bolster the security software on your computer. Sophos UTM Home Edition is our full business-grade product, 100% free to use at home.

(nakedsecurity.sophos.com)
