Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    February 2012
    S M T W T F S
    « Jan    
     1234
    567891011
    12131415161718
    19202122232425
    26272829  
  • About Us
    Malware Blog > Facebook Applications Used For Phishing

    It would be easy to think that once someone has logged in successfully to Facebook—and not a phishing site—that the security threat is largely gone. However, that’s not quite the case, as we’ve seen before.

    Earlier this week, however, Trend Micro researcher Rik Ferguson found at least two—if not more—malicious applications on Facebook. (These were the Posts and Stream applications.) They were used for a phishing attack that sent users to a known phishing domain, with a page claiming that users need to enter their login credentials to use the application. The messages appear as notifications in a target user’s legitimate Facebook profile, as shown below. The links to the malicious site are highlighted:


    Figure 1. Facebook notifications page

    After entering the credentials, users would then be redirected to Facebook itself. (The posts detailing these findings can be found at the Counter Measures blog; the initial report is here and a follow-up was posted here.)

    While Trend Micro has informed Facebook of these findings, users should still exercise caution when entering login credentials. They should be doubly sure that these are being entered into legitimate sites, and not carefully crafted phishing sites. The particular site involved in this phishing attack is already blocked by the Smart Protection Network.

    Image credits: thanks to Rik Ferguson, Countermeasures blog.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    19 Responses to “Facebook Applications Used For Phishing”

    1. jayxc700 Says:

      There has been an outbreak of viruses on facebook with all my friend with a virus called “Personal Anti-virus” or PAV. I had to clean my computer and my latop and my neighbor had the same infection. You guys should find out more on this infection and fix it please. Thank you your faithful customer

    Trackbacks

    1. Twitter Trackbacks for Facebook Applications Used For Phishing [trendmicro.com] on Topsy.com
    2. TrendMicro (TrendMicro)
    3. _third (third marquez)
    4. kevinleb (Kevin Le Bouthillier)
    5. braciolanet (braciolanet)
    6. iia_security (Terry Walls)
    7. natecochrane (Nate Cochrane)
    8. GarlikCommunity (Garlik)
    9. Did you realize some Facebook apps are being used to steal your data? | HKNetLife - Blogging for Life
    10. Lurad på Facebook | jobbdator.se
    11. insecure » Facebook Applications Used For Phishing
    12. Sunday Roundup: Top Web Stories this Past Week III | WebDoctus
    13. Facebook looks for trust while scammers target their users — Groupings
    14. FaraVirusi.com » Aplicatii infectate pe Facebook
    15. Aplikasi Pencuri Data Facebook « Jaya saja…
    16. crolate (Cristián Olate)
    17. FaceBook Malicious Apps
    18. iGraphiX Blog | FaceBook Malicious Apps


     

    © Copyright 2011 Trend Micro Inc. All rights reserved. Legal Notice