I just blogged about a potential new Facebook worm. It may turn out that it is not a worm, but another type of attack that involves multiple levels of criminal organizations, which to some degree are being aided by the privacy laws in Holland.
To begin with, there are stolen credential attacks. The two primary ways that a crook steals a Facebook account are by phishing for the information and by guessing the username and password. If you use the same password at Facebook that you used on another site and you got phished for that other site, then the odds are the bad guys will get your Facebook or MySpace or other social networking accounts.
The stealing of account credentials is the first level of crime. Next come the spammers who use the stolen accounts to send email or instant messages. In the Facebook case we are following, it could be a case of stolen credentials, but there are signs that clicking on the IM causes your Facebook account to IM your friends. Selfishly, my friend who didn’t click on the IM won’t click on it so I can see if it IMs his friends :) The IM is for spam and contains a link. The link goes to a web site registered in Holland. Because of Holland’s privacy laws we are unable to find out who owns the domain. As long as crooks can hide the ownership of domains we will have a much rougher battle against cybercriminals. It is possible that the level of crime stops at the spammer, who is probably being paid to direct traffic to a web site. The operators of the site receiving the traffic may not know that the spammer is using unsavory tactics to redirect.
After clicking on the link in the IM there are at least redirects before you arrive at the site that lets you turn your picture into a cartoon. To share the cartoon you have to sign up for a service that costs $9.99 to $19.99 per month. The terms of service indicate that text messaging capability is required for all services.
This may be a legitimate, if not over-priced, web site; however, there are still more potential levels of crime here. By signing up, your cell phone might start automatically calling premium rate phone numbers. Your credit card details could additionally be sold to other criminals.
It is not uncommon for people to have their credentials stolen, thereby allowing a hacker to access their email and social networking accounts. For this reason you must take extra precautions to be sure that when a friend sends you a link you verify it really was the friend who sent it. One wrong click and you may spam all your friends. If the link directs you to download or run a program, be even more wary.
Director of Technical Education
Author ESET Research, ESET